[Aide] config changes between 0.17.3 and 0.18.3
Hannes von Haugwitz
hannes at vonhaugwitz.com
Wed Jun 28 09:25:04 EEST 2023
Hi,
On Mon, Jun 26, 2023 at 01:55:06PM -0700, Paul B. Henson wrote:
> However, with 18, this only includes /etc in the db and everything else
> is skipped:
This issue was also reported on Github some weeks ago[ISSUE] and now I
was able to reproduce it, I fixed this issue in [cf5026b]. The fix
will be part of the next stable point release of AIDE.
[ISSUE] https://github.com/aide/aide/issues/154
[cf5026b] https://github.com/aide/aide/commit/cf5026bf0852d350030d6d1a7a0351573c9512e6
> Interestingly, when I went to look at the man page, both 17 and 18 say:
>
> Equals rule:
> =<regex> <attribute expression>
>
> Files and directories matching the regular expression are added to the database. The chil‐
> dren of directories are only added if the regular expression ends with a "/". The children
> of sub-directories are not added at all.
>
> So the behavior of 18 matches the docs and that of 17 does not.
The described behaviour only applies to the equals rule, if another rule
matches the directory children they should be added to the database.
> I tried changing the order:
>
> /etc$ L
> / Default
>
> and that seems to work? Do I need to not use = rules now, and put more
> specific stuff first?
Unrelated from the (now fixed) issue, it is generally a good idea to
write the most general rules last.
Best regards
Hannes
More information about the Aide
mailing list