[Aide] Protecting multiple containers

Marc Haber mh+aide at zugschlus.de
Tue Apr 18 19:20:37 EEST 2023


On Tue, Apr 18, 2023 at 11:31:17AM +0000, Rick van Rein wrote:
> > If you have a common
> > rule set you might want to look at the RULE_PREFIX option (added in AIDE
> > v0.18) for the @@include/@@x_include macro.
> 
> That's a surprising extra.  I can see that it makes sense if I were to
> load the config from within the container's idea of its rootdir.

The idea is also to use a set compiled from rules that were made to check
the system itself. Think about having /e/a/rules.d populated with all
the rules, /e/a/system symlinking to the rules that are used for the
system itself, /e/a/container1 symlinking to the rules that are used for
container1, and using a basic include for /e/a/system and rule prefix
for including /e/a/container1, and so on. This has an immediate benefit
regardless of where the actual rules are stored.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
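
The layout described in the message above, as an added example that is not part of the original post or of the AIDE project: a scratch directory stands in for "/e/a", and the rule file names, the `R` rules, the file name regex and the container root path are all constructed for illustration. It assumes the directory form of the directive takes the prefix as a third argument (`@@include DIRECTORY REGEX RULE_PREFIX`, AIDE v0.18 or later).

```shell
#!/bin/sh
# BASE stands in for the AIDE configuration directory ("/e/a" in the message).
build_layout() {
    base=$1
    mkdir -p "$base/rules.d" "$base/system" "$base/container1"
    # Constructed sample rules, written once, for paths as seen from inside a root.
    printf '/etc R\n'     > "$base/rules.d/10_etc"
    printf '/usr/bin R\n' > "$base/rules.d/20_usr_bin"
    printf '/boot R\n'    > "$base/rules.d/30_boot"
    # The system uses all three rule files; container1 has no /boot.
    for r in 10_etc 20_usr_bin 30_boot; do
        ln -sf "../rules.d/$r" "$base/system/$r"
    done
    for r in 10_etc 20_usr_bin; do
        ln -sf "../rules.d/$r" "$base/container1/$r"
    done
}

# Print the aide.conf lines: a basic include for the system and a
# prefixed include for the container (CROOT is a hypothetical rootfs path).
emit_includes() {
    base=$1; croot=$2
    printf '@@include %s ^[0-9]+_[a-z_]+$\n' "$base/system"
    printf '@@include %s ^[0-9]+_[a-z_]+$ %s\n' "$base/container1" "$croot"
}

# Illustration only: the paths container1's plain rules cover once the
# prefix is put in front of each of them.
prefixed_rules() {
    base=$1; croot=$2
    for f in "$base"/container1/*; do
        sed "s|^/|$croot/|" "$f"
    done
}

demo() {
    d=$(mktemp -d) || return 1
    build_layout "$d"
    emit_includes "$d" /var/lib/containers/container1/rootfs
    prefixed_rules "$d" /var/lib/containers/container1/rootfs
    rm -rf "$d"
}
demo
```

Each rule is written once in rules.d; which roots it applies to is decided only by which symlinks exist, so adding a second container is a new symlink directory plus one more prefixed include line.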

