[Aide] Aide Digest, Vol 50, Issue 2 (Does AIDE traverse Linux symlinks?)

John Jamerson jjamerson at ec.rr.com
Sun Apr 9 18:29:03 EEST 2023 

Hannes,
Thank you for this definitive answer.
I can add the actual directories to the "app"_aide.conf file going forward.
Much appreciated.
V/R,
John Jamerson


-----Original Message-----
From: Aide [mailto:aide-bounces at ipi.fi] On Behalf Of aide-request at ipi.fi
Sent: Sunday, April 9, 2023 5:00 AM
To: aide at ipi.fi
Subject: Aide Digest, Vol 50, Issue 2

Send Aide mailing list submissions to
	aide at ipi.fi

To subscribe or unsubscribe via the World Wide Web, visit
	https://www.ipi.fi/mailman/listinfo/aide
or, via email, send a message with subject or body 'help' to
	aide-request at ipi.fi

You can reach the person managing the list at
	aide-owner at ipi.fi

When replying, please edit your Subject line so it is more specific than "Re: Contents of Aide digest..."


Today's Topics:

   1. Does AIDE traverse Linux symlinks? (John Jamerson)
   2. Re: Does AIDE traverse Linux symlinks? (Hannes von Haugwitz)


----------------------------------------------------------------------

Message: 1
Date: Sat, 8 Apr 2023 23:36:59 -0400
From: "John Jamerson" <jjamerson at ec.rr.com>
To: <aide at ipi.fi>
Subject: [Aide] Does AIDE traverse Linux symlinks?
Message-ID: <01b401d96a94$8b58ffb0$a20aff10$@ec.rr.com>
Content-Type: text/plain; charset="utf-8"

Setup:  RHEL8 environment.  On 50+ servers there is a cron'd AIDE process for a particular application's directory tree that produces a report which is then emailed.

 

Situation:  /data/app/bin/file is a link that points at /releases/app/bin/file. In other words: ls -l yields /data/app/bin/file > releases/app/bin/file

 

Changes (add/delete/modify) in the latter directory (/releases/app/bin/*) are not picked up by the AIDE process.

 

Other applications that do not use symlinks?  AIDE picks up any/all changes

 

If AIDE, by design, traverses Linux symlinks, perhaps there's an /etc/aide.conf option I've missed or misconfigured?

 

man ages for aide and aide.conf discuss links but only in the context of ACL's.  No ACL's are being used.

 

Extensive Google searches have not helped at all.

 

Ideas/clues?  What am I missing?  TIA.

 

John Jamerson

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ipi.fi/pipermail/aide/attachments/20230408/68bf16ac/attachment-0001.html>

------------------------------

Message: 2
Date: Sun, 9 Apr 2023 07:51:07 +0200
From: Hannes von Haugwitz <hannes at vonhaugwitz.com>
To: Aide user mailinglist <aide at ipi.fi>
Subject: Re: [Aide] Does AIDE traverse Linux symlinks?
Message-ID: <20230409055107.GA25 at magnesium.vonhaugwitz.com>
Content-Type: text/plain; charset=us-ascii

Hello John,

On Sat, Apr 08, 2023 at 11:36:59PM -0400, John Jamerson wrote:
> If AIDE, by design, traverses Linux symlinks, perhaps there's an 
> /etc/aide.conf option I've missed or misconfigured?

No, AIDE does not follow symlinks.

Would it be an option to not only scan /data/app/ but also /releases/app?

Best regards

Hannes


------------------------------

Subject: Digest Footer

_______________________________________________
Aide mailing list
Aide at ipi.fi
https://www.ipi.fi/mailman/listinfo/aide


------------------------------

End of Aide Digest, Vol 50, Issue 2
***********************************

More information about the Aide mailing list