Hannes, Thank you for this definitive answer. I can add the actual directories to the "app"_aide.conf file going forward. Much appreciated. V/R, John Jamerson
-----Original Message----- From: Aide [mailto:aide-boun...@ipi.fi] On Behalf Of aide-requ...@ipi.fi Sent: Sunday, April 9, 2023 5:00 AM To: aide@ipi.fi Subject: Aide Digest, Vol 50, Issue 2 Send Aide mailing list submissions to aide@ipi.fi To subscribe or unsubscribe via the World Wide Web, visit https://www.ipi.fi/mailman/listinfo/aide or, via email, send a message with subject or body 'help' to aide-requ...@ipi.fi You can reach the person managing the list at aide-ow...@ipi.fi When replying, please edit your Subject line so it is more specific than "Re: Contents of Aide digest..." Today's Topics: 1. Does AIDE traverse Linux symlinks? (John Jamerson) 2. Re: Does AIDE traverse Linux symlinks? (Hannes von Haugwitz) ---------------------------------------------------------------------- Message: 1 Date: Sat, 8 Apr 2023 23:36:59 -0400 From: "John Jamerson" <jjamer...@ec.rr.com> To: <aide@ipi.fi> Subject: [Aide] Does AIDE traverse Linux symlinks? Message-ID: <01b401d96a94$8b58ffb0$a20aff10$@ec.rr.com> Content-Type: text/plain; charset="utf-8" Setup: RHEL8 environment. On 50+ servers there is a cron'd AIDE process for a particular application's directory tree that produces a report which is then emailed. Situation: /data/app/bin/file is a link that points at /releases/app/bin/file. In other words: ls -l yields /data/app/bin/file > releases/app/bin/file Changes (add/delete/modify) in the latter directory (/releases/app/bin/*) are not picked up by the AIDE process. Other applications that do not use symlinks? AIDE picks up any/all changes If AIDE, by design, traverses Linux symlinks, perhaps there's an /etc/aide.conf option I've missed or misconfigured? man ages for aide and aide.conf discuss links but only in the context of ACL's. No ACL's are being used. Extensive Google searches have not helped at all. Ideas/clues? What am I missing? TIA. John Jamerson -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.ipi.fi/pipermail/aide/attachments/20230408/68bf16ac/attachment-0001.html> ------------------------------ Message: 2 Date: Sun, 9 Apr 2023 07:51:07 +0200 From: Hannes von Haugwitz <han...@vonhaugwitz.com> To: Aide user mailinglist <aide@ipi.fi> Subject: Re: [Aide] Does AIDE traverse Linux symlinks? Message-ID: <20230409055107.g...@magnesium.vonhaugwitz.com> Content-Type: text/plain; charset=us-ascii Hello John, On Sat, Apr 08, 2023 at 11:36:59PM -0400, John Jamerson wrote: > If AIDE, by design, traverses Linux symlinks, perhaps there's an > /etc/aide.conf option I've missed or misconfigured? No, AIDE does not follow symlinks. Would it be an option to not only scan /data/app/ but also /releases/app? Best regards Hannes ------------------------------ Subject: Digest Footer _______________________________________________ Aide mailing list Aide@ipi.fi https://www.ipi.fi/mailman/listinfo/aide ------------------------------ End of Aide Digest, Vol 50, Issue 2 *********************************** _______________________________________________ Aide mailing list Aide@ipi.fi https://www.ipi.fi/mailman/listinfo/aide
