[Aide] aide.conf: exclude directory *except* one file

M linuxntwrk at gmail.com
Wed Mar 24 20:00:38 EET 2021 

Thanks so much for the help!

Unfortunately that does not do the trick.

/dir/sub/file
!/dir/sub
/dir

The "/dir/sub/file" is not included with this configuration. The directory
"/dir/sub/" is properly *excluded*, and all other subdirs & files in
"/dir/" are properly *included*, but the "/dir/sub/file" is not properly
*included*. Does Aide just not support this scenario at all?

As mentioned, I've tried double-negating:

!/dir/sub/[^f]
/dir

But this will still include the *directory* "/dir/sub/" (not optimal), and
obviously will include *all* files starting with "f" (which is fine in my
case, but also not optimal).

Is there any advantage to upgrading to the latest AIDE version (I am
on 0.15.1)?

Thanks in advance!

-LN

On Tue, Mar 23, 2021 at 6:04 PM Morgan Weetman <mweetman at redhat.com> wrote:

> I believe the matching rules should be arranged from most specific at the
> top to least specific, so maybe try:
>
> /dir/sub/file
> !/dir/sub
> /dir
>
> .. and see if that works?
>
> hth
>
> On Wed, 24 Mar 2021 at 11:44, M <linuxntwrk at gmail.com> wrote:
>
>> Hi all,
>>
>> I need to do the following:
>>
>> /dir NORMAL  <--------- include /dir and all its
>> recursive subdirectories/files
>> !/dir/sub <------------- *exclude* this one specific subdirectory
>> /dir/sub/file <------------- but *include* this one file in the
>> above-excluded subdirectory
>>
>> Unfortunately configuring aide.conf as above does not achieve the results
>> I desire. The negative selection line supersedes the single-file inclusion
>> line below it. This is with AIDE version 0.15.1.
>>
>> I've found some other discussions about this (
>> https://www.ipi.fi/pipermail/aide/2015-November/001504.html) but I can't
>> seem to get it working with PCREs in AIDE either (negative lookahead?).
>>
>> Even doing something like:
>> ! /dir/sub/[^f]
>>
>> to try to include only files starting with "f" works, but the *directory*
>> itself is then still included, which is no good.
>>
>> Goal is: to recursively include all subdirectories, exclude one
>> directory, but *include* a specific file only from the excluded
>> subdirectory.
>>
>> Any suggestions/help here? Would be much appreciated!
>>
>> Thanks,
>> LN
>> _______________________________________________
>> Aide mailing list
>> Aide at ipi.fi
>> https://www.ipi.fi/mailman/listinfo/aide
>>
>
>
> --
> Morgan Weetman
> Services Content Architect
> M: +61 439 469 793
> https://www.redhat.com/en/services/training-and-certification
> _______________________________________________
> Aide mailing list
> Aide at ipi.fi
> https://www.ipi.fi/mailman/listinfo/aide
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ipi.fi/pipermail/aide/attachments/20210324/f40fa4c0/attachment.html>

More information about the Aide mailing list