Forum: Cfengine Help
Subject: Re: depth_search exclude files in tripwire changes
Author: steve
Link to topic: https://cfengine.com/forum/read.php?3,19372,19412#msg-19412
Hi Neil,

Thank you very much for your quick response. I've had a play around with what
you have suggested, and here is what I came up with:

body file_select exclude_files
{
    leaf_name => { "^((?!\bfile10.txt\b|\bfile14.txt\b|\bfile1\b|\bexclude_me\b).)*$" };
    file_result => "leaf_name";
}

This does indeed exclude those files for the changes tripwire, but almost too
effectively. This means that an intruder could create a malicious file called
exclude_me (or any of the above examples) and it will not get picked up. I
tried to tie it down like:

    leaf_name => { "^((?!\b/filepath/exclude_me\b).)*$" };

Also using

    path_name => { "/filepath/.*" };

But not getting the desired result...

Can you offer another clue?

Thanks again,
Steve.
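
Why the leaf_name rule over-excludes, as an added example that is not part of the original post: a Python check that runs the regex from the post over a constructed list of paths and compares it with a hypothetical exact full-path exclusion list. It assumes Python's `re` behaves like CFEngine's PCRE for this pattern and that leaf_name is matched against the base name only; the sample paths and `EXCLUDED_PATHS` are made up for illustration.

```python
import re
from pathlib import PurePosixPath

# Pattern copied from the post. Assumption: CFEngine anchors the match on
# the leaf (base) name, which re.fullmatch on .name approximates here.
LEAF_RULE = re.compile(
    r"^((?!\bfile10.txt\b|\bfile14.txt\b|\bfile1\b|\bexclude_me\b).)*$"
)

# Hypothetical tighter rule: the exact full paths that may be skipped.
EXCLUDED_PATHS = {
    "/filepath/file10.txt",
    "/filepath/file14.txt",
    "/filepath/file1",
    "/filepath/exclude_me",
}


def monitored_by_leaf_rule(path: str) -> bool:
    """True if the file's leaf name passes the post's file_select regex."""
    return LEAF_RULE.fullmatch(PurePosixPath(path).name) is not None


def monitored_by_path_rule(path: str) -> bool:
    """True unless the full path is on the exact-match exclusion list."""
    return str(PurePosixPath(path)) not in EXCLUDED_PATHS


def coverage_gaps(paths):
    """Paths the leaf rule skips although they were never meant to be excluded."""
    return [p for p in paths
            if not monitored_by_leaf_rule(p) and monitored_by_path_rule(p)]


# Constructed sample tree (not from the post).
SAMPLE_PATHS = [
    "/filepath/exclude_me",         # intended exclusion
    "/filepath/file10.txt",         # intended exclusion
    "/filepath/sub/exclude_me",     # same leaf name, different directory
    "/filepath/file1.bak",          # \bfile1\b matches before the dot
    "/filepath/file10_txt",         # unescaped '.' matches any character
    "/filepath/old-exclude_me.sh",  # token appears inside a longer name
    "/filepath/file100.txt",        # monitored by both rules
    "/filepath/report.txt",         # monitored by both rules
]

if __name__ == "__main__":
    for p in coverage_gaps(SAMPLE_PATHS):
        print("leaf rule skips unintended file:", p)
```

Running the same comparison against a real directory listing before deploying an exclusion pattern shows how much of the tree the tripwire would stop watching.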