Hi V,

Here are some examples of what the directory names look like:

/opt
/opt/install-test
/opt/install-live
/opt/install-test/management
/opt/install-test/management/scripts
/opt/httpd

and so on. Unfortunately I cannot make a qualified conclusion about the depth of the path. Do you have any idea?

Kind regards,
Oliver

----Original message----
From: [email protected]
Date: 06.06.2011 17:26
To: <[email protected]>
Cc: <[email protected]>
Subject: Re: Re: [Aide] Intrusion report of directory files

Your best bet would be to write a rule using regular expressions. Also, if the majority of the directories are to be ignored, then consider writing rules for the ones you want to monitor and ignore the rest ("=/opt/app1$"). Take a look at http://www.cs.tut.fi/~rammer/aide/manual.html#usage for some examples and pitfalls to watch out for.

Can you share a list of directories you are trying to include/exclude? Maybe I can try to help write the reg-ex rule.

V

On Mon, Jun 6, 2011 at 10:01 AM, [email protected] <[email protected]> wrote:
> Hi V
>
> Sorry, maybe I was not clear enough. I have approximately 25 sub directories in /opt and am looking for a rule to
> exclude that globally for /opt and not by excluding each sub directory. Otherwise it's very unhandy.
>
> Kind regards,
>
> Oliver
>
> ----Original message----
> From: [email protected]
> Date: 06.06.2011 15:48
> To: <[email protected]>, "Aide user mailinglist"<[email protected]>
> Subject: Re: [Aide] Intrusion report of directory files
>
> Try "!/opt/SomeSoftware/tmp" without the quotes.
>
> V
>
> On Mon, Jun 6, 2011 at 3:49 AM, [email protected] <oliver.k@bluewin.ch> wrote:
>> Hi all
>>
>> I'm pretty new to AIDE and tried for a while to get along with the configuration.
>>
>> I have made a rule like this:
>>
>> RULE=p+i+n+u+g+s+m+md5
>>
>> and use this rule on the directory path /opt
>>
>> /opt RULE
>>
>> My problem is some scripts that write temporary files in a directory somewhere in /opt/.../...
>> and by this behavior it causes aide to report an intrusion because of the mtime check. Does anyone
>> have an idea how I can solve that problem? I don't want to remove the mtime check. My thoughts go
>> in the direction of excluding the mtime check for all directory files, is that possible?
>>
>> Thank you for your time and help

_______________________________________________
Aide mailing list
[email protected]
https://mailman.cs.tut.fi/mailman/listinfo/aide
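
A regular-expression exclusion of the kind suggested in the thread can be dry-run against a path list before it goes into aide.conf. The following is an added example, not part of the original messages: a simplified Python model that assumes AIDE's documented matching (selection regexes anchored at the start of the path only, and `!` lines overriding the others). The `!/opt/.*/tmp` rules and the paths marked as constructed are hypothetical.

```python
import re

def parse_rules(config_text):
    """Parse AIDE-style selection lines into (kind, regex, group) tuples."""
    rules = []
    for line in config_text.splitlines():
        line = line.strip()
        kind = line[0] if line[:1] in ("!", "=") else "+"
        body = line.lstrip("!=")
        if not body.startswith("/"):
            continue  # blank line, comment or group definition such as RULE=...
        fields = body.split()
        group = fields[1] if len(fields) > 1 else None
        # Assumption: the regex is anchored at the start only (implicit "^").
        rules.append((kind, re.compile(fields[0]), group))
    return rules

def monitored(path, rules):
    """Return the rule group applied to path, or None if excluded or unmatched."""
    # Assumption (simplified model): any matching "!" line wins over other lines.
    if any(kind == "!" and rx.match(path) for kind, rx, _ in rules):
        return None
    for kind, rx, group in rules:
        if kind != "!" and rx.match(path):
            return group
    return None

def changed_paths(paths, config_a, config_b):
    """List the paths whose treatment differs between two rule sets."""
    rules_a, rules_b = parse_rules(config_a), parse_rules(config_b)
    return [p for p in paths if monitored(p, rules_a) != monitored(p, rules_b)]

# Hypothetical exclusion without an end anchor: also hides anything under
# /opt whose name merely starts with "tmp".
LOOSE = "RULE=p+i+n+u+g+s+m+md5\n/opt RULE\n!/opt/.*/tmp\n"
# Same rule terminated with (/|$): only directories named exactly "tmp"
# and their contents are dropped.
STRICT = LOOSE.replace("!/opt/.*/tmp", "!/opt/.*/tmp(/|$)")

PATHS = [
    "/opt/install-test/management/scripts",  # from the thread
    "/opt/SomeSoftware/tmp",                 # from the thread
    "/opt/SomeSoftware/tmp/job.lock",        # constructed
    "/opt/httpd/tmpl",                       # constructed
]

if __name__ == "__main__":
    for p in PATHS:
        print(p, monitored(p, parse_rules(LOOSE)), monitored(p, parse_rules(STRICT)))
```

The paths returned by `changed_paths` are the ones the unanchored rule silently removes from monitoring, which is the gap to check for before trusting a broad exclusion.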
