[Aide] Is aide pattern matching algorithm using first match?
Keith Constable
kccricket at gmail.com
Wed Mar 9 23:21:02 EET 2016
Karel,
Looking at the way I have my configs, you do want the more specific
rules above the more generic rules.
Regards,
Keith Constable
On Fri, Mar 4, 2016 at 3:02 AM, Karel Šrot <srot.karel at gmail.com> wrote:
> Hello,
>
> I am a question about the aide matching algorithm. Is it using the first
> match?
>
> I am asking because I have encountered that with the following config file
>
> /etc/ p+md5
> /etc/passwd p+md5+sha1
>
> the sha1 checksum is actually not stored in the aide database while it is
> stored when the lines switched.
>
> Is that by design? In the aide manual I have found following sentence:
>
> "As it can also be seen, equals selection lines are only checked in the
> first recursion step, thus providing some kind of speed optimization by
> reducing the number of necessary regular expression evaluations, which is a
> quite expensive operation."
>
> but I am not sure if it explains the behaviour I am observing. Moreover,
> even the official configuration examples are ordering file paths in the
> 'from top to bottom' order which would be really confusing if aide is
> supposed to work the way it works now.
>
> I have checked both aide v0.14 and v0.15.1, both behave the same way.
>
> Best regards,
> Karel Srot
>
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
More information about the Aide
mailing list