Hello Hannes, I wanted to express a huge *thank you* for your help! Your solutions of upgrading to aide 0.17.3 and the configuration you provided has worked for me. I see that 0.17.3 is a big improvement.
Thanks again! On Thu, Mar 25, 2021 at 2:25 PM Hannes von Haugwitz <[email protected]> wrote: > Hello, > > On Wed, Mar 24, 2021 at 11:00:38AM -0700, M wrote: > > Is there any advantage to upgrading to the latest AIDE version (I am > > on 0.15.1)? > > AIDE 0.15.1 has been released over 10 years ago. Please check the NEWS > file[0] for the changes since then. > > > > On Wed, 24 Mar 2021 at 11:44, M <[email protected]> wrote: > > >> I've found some other discussions about this ( > > >> https://www.ipi.fi/pipermail/aide/2015-November/001504.html) but I > can't > > >> seem to get it working with PCREs in AIDE either (negative > lookahead?). > > PCRE support has been added in AIDE 0.16. > > > >> Goal is: to recursively include all subdirectories, exclude one > > >> directory, but *include* a specific file only from the excluded > > >> subdirectory. > > The difficulty here is that directories matching negative rules are > completely ignored. > > To achieve your goal please try the following rules (AIDE >= 0.16): > > !/dir/sub/(?!file) > !/dir/sub$ d > /dir R > > Assuming the following files in the filesytem: > > / > /dir > /dir/file > /dir/sub > /dir/sub/not > /dir/sub/file > > You can now use `--dry-init` to see which entries would be added to the > database: > > $ aide --config aide.conf --dry-init > [ ] d '/': no matching rule > [X] d '/dir': selective rule: '/dir (none) > l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' > (aide.conf:3: '/dir R') > [X] f '/dir/file': selective rule: '/dir (none) > l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' > (aide.conf:3: '/dir R') > [ ] d '/dir/sub': negative rule: '!/dir/sub$ d' (aide.conf:2: '!/dir/sub$ > d') > [ ] f '/dir/sub/not': negative rule: '!/dir/sub/(?!file) (none)' > (aide.conf:1: '!/dir/sub/(?!file)') > [X] f '/dir/sub/file': selective rule: '/dir (none) > l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' > (aide.conf:3: '/dir R') > > You can also use `--path-check` to test your rules: > > $ aide --config aide.conf --path-check f:/dir/sub/another-file > [ ] f '/dir/sub/another-file': negative rule: '!/dir/sub/(?!file) (none)' > (aide.conf:1: '!/dir/sub/(?!file)') > > Both `--dry-init` and `--path-check` have been added in AIDE 0.17. > > Best regards > > Hannes > > [0] https://github.com/aide/aide/blob/master/NEWS > _______________________________________________ > Aide mailing list > [email protected] > https://www.ipi.fi/mailman/listinfo/aide >
_______________________________________________ Aide mailing list [email protected] https://www.ipi.fi/mailman/listinfo/aide
