[Aide] aide.conf: exclude directory *except* one file
Morgan Weetman
mweetman at redhat.com
Wed Mar 24 03:03:25 EET 2021
I believe the matching rules should be arranged from most specific at the
top to least specific, so maybe try:
/dir/sub/file
!/dir/sub
/dir
.. and see if that works?
hth
On Wed, 24 Mar 2021 at 11:44, M <linuxntwrk at gmail.com> wrote:
> Hi all,
>
> I need to do the following:
>
> /dir NORMAL <--------- include /dir and all its
> recursive subdirectories/files
> !/dir/sub <------------- *exclude* this one specific subdirectory
> /dir/sub/file <------------- but *include* this one file in the
> above-excluded subdirectory
>
> Unfortunately configuring aide.conf as above does not achieve the results
> I desire. The negative selection line supersedes the single-file inclusion
> line below it. This is with AIDE version 0.15.1.
>
> I've found some other discussions about this (
> https://www.ipi.fi/pipermail/aide/2015-November/001504.html) but I can't
> seem to get it working with PCREs in AIDE either (negative lookahead?).
>
> Even doing something like:
> ! /dir/sub/[^f]
>
> to try to include only files starting with "f" works, but the *directory*
> itself is then still included, which is no good.
>
> Goal is: to recursively include all subdirectories, exclude one directory,
> but *include* a specific file only from the excluded subdirectory.
>
> Any suggestions/help here? Would be much appreciated!
>
> Thanks,
> LN
> _______________________________________________
> Aide mailing list
> Aide at ipi.fi
> https://www.ipi.fi/mailman/listinfo/aide
>
--
Morgan Weetman
Services Content Architect
M: +61 439 469 793
https://www.redhat.com/en/services/training-and-certification
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ipi.fi/pipermail/aide/attachments/20210324/f693d9e3/attachment.html>
More information about the Aide
mailing list