subject:"Re\: \[Aide\] Rules to exclude all files except one"

Re: [Aide] Rules to exclude all files except one

2016-02-27 Thread Hannes von Haugwitz

Hi,

On Fri, Nov 20, 2015 at 05:15:50PM +0100, Hannes von Haugwitz wrote:
> On Fri, Nov 20, 2015 at 11:37:24AM +0100, Brian Mathis wrote:
> > Maybe full PCREs would be nice for the next version of AIDE.
> > 
> 
> I currently evaluate this for the next alpha version.

The latest git commit[0] now adds full PCREs to AIDE.

Best regards

Hannes

[0] https://sourceforge.net/p/aide/code/ci/a6e3e0
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-20 Thread Brian Mathis

I noticed that the aide binary (on centos 7) is linked with libpcre, but
perlish regexes don't seem to work.  A negative look-ahead assertion would
accomplish it if full pcre was actually in use:
!/opt/app/dir/(?!onedir).*

Maybe full PCREs would be nice for the next version of AIDE.

~ Brian Mathis
@orev


On Thu, Nov 19, 2015 at 8:08 PM, Hannes von Haugwitz  wrote:

> Hi,
>
> On Wed, Nov 18, 2015 at 06:23:23PM +0100, Brian Mathis wrote:
> > I'm trying to setup some rules that exclude all files/dirs in a
> > subdirectory except for one, without itemizing every file to exclude.
> >
> > Example:
> > /opt/app/dir1--> exclude
> > /opt/app/dir2--> include
> > /opt/app/dir3--> exclude
> >
> > I'm trying something like this, but can't seem to get it working:
> > /opt/app/dir2/.*NORMAL
> > !/opt/app/
> > /EVERYTHING
> > The ! rule always seems to override the dir2 rule.
> >
> > Is there any way to accomplish this with aide?
>
> I'm pretty sure that this is not possible with the current version of
> AIDE.
>
> Currently I'm working on the rule handling of AIDE and I'll keep your
> use case in mind. Perhaps there is a simple solution to fix this
> issue.
>
> Best regards
>
> Hannes
> ___
> Aide mailing list
> Aide@cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-20 Thread Hannes von Haugwitz

Hi,

On Fri, Nov 20, 2015 at 11:37:24AM +0100, Brian Mathis wrote:
> I noticed that the aide binary (on centos 7) is linked with libpcre, but
> perlish regexes don't seem to work.  A negative look-ahead assertion would
> accomplish it if full pcre was actually in use:
> !/opt/app/dir/(?!onedir).*
> 
> Maybe full PCREs would be nice for the next version of AIDE.
> 

I currently evaluate this for the next alpha version.

Best regards

Hannes
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Brian Mathis

Thanks for the reply (glad this list isn't completely dead), but I think
it's pretty clear that I said "all files/dirs in a subdirectory" and
"without itemizing every file to exclude".  This indicates that a specific
include/exclude is explicitly not what I'm looking for, as the list of
things to exclude is not known beforehand.

~ Brian Mathis
@orev


On Wed, Nov 18, 2015 at 10:47 PM, Shirkdog  wrote:

> What if you do the specific include/exclude?
>
> /opt/app/dir2/.* NORMAL
> !/opt/app/dir1
> !/opt/app/dir3
>
>
> ---
> Michael Shirk
>
>
> On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis
>  wrote:
> > I'm trying to setup some rules that exclude all files/dirs in a
> subdirectory
> > except for one, without itemizing every file to exclude.
> >
> > Example:
> > /opt/app/dir1--> exclude
> > /opt/app/dir2--> include
> > /opt/app/dir3--> exclude
> >
> > I'm trying something like this, but can't seem to get it working:
> > /opt/app/dir2/.*NORMAL
> > !/opt/app/
> > /EVERYTHING
> > The ! rule always seems to override the dir2 rule.
> >
> > Is there any way to accomplish this with aide?
> >
> > ~ Brian Mathis
> > @orev
> >
> >
> > ___
> > Aide mailing list
> > Aide@cs.tut.fi
> > https://mailman.cs.tut.fi/mailman/listinfo/aide
> >
> ___
> Aide mailing list
> Aide@cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Richard Dupuy

The more I looked, this might be necessary:

!/opt/app/dir/[^o]
!/opt/app/dir/[^o][^n]
!/opt/app/dir/[^o][^n][^e]
!/opt/app/dir/[^o][^n][^e][^d]
!/opt/app/dir/[^o][^n][^e][^d][^i]
!/opt/app/dir/[^o][^n][^e][^d][^i][^r]
!/opt/app/dir/[^o][^n][^e][^d][^i][^r][^/]

--Rich Dupuy
  IT Technical Support Consultant
State of Louisiana
-Division of Administration
-Office of Technology Services


-Original Message-
From: Aide [mailto:aide-boun...@cs.tut.fi] On Behalf Of Richard Dupuy
Sent: Thursday, November 19, 2015 3:52 PM
To: Aide user mailinglist
Subject: Re: [Aide] Rules to exclude all files except one

I've done something like this with some success:

!/opt/app/dir/[^o][^n][^e][^d][^i][^r][^/]

You might play around with find and grep/egrep to find the "just right" regular 
expression... I've played this game of "exclude all but..." with regular 
expressions before. It's very ugly, but there's *usually a way*, at least with 
extended regular expression syntax.

--Rich Dupuy
  IT Technical Support Consultant
Office of Technology Services


-Original Message-
From: Aide [mailto:aide-boun...@cs.tut.fi] On Behalf Of Shirkdog
Sent: Thursday, November 19, 2015 10:12 AM
To: Aide user mailinglist
Subject: Re: [Aide] Rules to exclude all files except one

That was the reason for my response, pretty sure your issue has come up before, 
and I have worked around it by automating that process outside of aide.

It is something it should be able to handle, a global white-list of some kind 
for the values you do not want to check.

---
Michael Shirk


On Thu, Nov 19, 2015 at 9:40 AM, Brian Mathis 
<brian.mathis+a...@betteradmin.com> wrote:
> No, that doesn't work because the ! rule still matches the onefile 
> rule, so it is excluded.  This can be seen when running with -V250:
>
> "/opt/app/dir" matches rule from line #131: ^/opt/app/dir
> /opt/app/dir match=0, tree=0x7fc395d8f780, attr=0
> "/opt/app/dir/onefile" matches rule from line #132:
> ^/opt/app/dir/onefile
> "/opt/app/dir/onefile" matches rule from line #131: ^/opt/app/dir
> /opt/app/dir/onefile match=0, tree=0x7fc395d8f780, attr=0
>
> ~ Brian Mathis
> @orev
>
>
> On Thu, Nov 19, 2015 at 12:07 PM, Jobst Schmalenbach 
> <jo...@barrett.com.au>
> wrote:
>>
>> Wouldn't it be
>>
>> !/opt/app/dir
>> /opt/app/dir/onefileNORMAL
>>
>>
>> Jobst
>>
>> --
>> Sent from my Mobile.
>>
>>
>> On 19 November 2015 7:29:46 PM AEDT, Brian Mathis 
>> <brian.mathis+a...@betteradmin.com> wrote:
>>>
>>> Thanks for the reply (glad this list isn't completely dead), but I 
>>> think it's pretty clear that I said "all files/dirs in a 
>>> subdirectory" and "without itemizing every file to exclude".  This 
>>> indicates that a specific include/exclude is explicitly not what I'm 
>>> looking for, as the list of things to exclude is not known beforehand.
>>>
>>> ~ Brian Mathis
>>> @orev
>>>
>>>
>>> On Wed, Nov 18, 2015 at 10:47 PM, Shirkdog <shirk...@gmail.com> wrote:
>>>>
>>>> What if you do the specific include/exclude?
>>>>
>>>> /opt/app/dir2/.* NORMAL
>>>> !/opt/app/dir1
>>>> !/opt/app/dir3
>>>>
>>>>
>>>> ---
>>>> Michael Shirk
>>>>
>>>>
>>>> On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis 
>>>> <brian.mathis+a...@betteradmin.com> wrote:
>>>> > I'm trying to setup some rules that exclude all files/dirs in a 
>>>> > subdirectory except for one, without itemizing every file to 
>>>> > exclude.
>>>> >
>>>> > Example:
>>>> > /opt/app/dir1--> exclude
>>>> > /opt/app/dir2--> include
>>>> > /opt/app/dir3--> exclude
>>>> >
>>>> > I'm trying something like this, but can't seem to get it working:
>>>> > /opt/app/dir2/.*NORMAL
>>>> > !/opt/app/
>>>> > /EVERYTHING
>>>> > The ! rule always seems to override the dir2 rule.
>>>> >
>>>> > Is there any way to accomplish this with aide?
>>>> >
>>>> > ~ Brian Mathis
>>>> > @orev
>>>> >
>>>> >
>>>> > ___
>>>> > Aide mailing list
>>>> > Aide@cs.tut.fi
>>>> > https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>> >
>>>> ___
>>>> Aide mailing list
>>>> Aide@cs.tut.fi
>>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>
>>>
>>> 
>>>
>>> Aide mailing list
>>> Aide@cs.tut.fi
>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
>
> ___
> Aide mailing list
> Aide@cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Richard Dupuy

OK, to be thorough:

!/opt/app/dir/[^o]
!/opt/app/dir/[^o][^n]
!/opt/app/dir/[^o][^n][^e]
!/opt/app/dir/[^o][^n][^e][^d]
!/opt/app/dir/[^o][^n][^e][^d][^i]
!/opt/app/dir/[^o][^n][^e][^d][^i][^r]
!/opt/app/dir/[^o][^n][^e][^d][^i][^r][^/].*

--Rich Dupuy
  IT Technical Support Consultant
Office of Technology Services
225-219-6026


-Original Message-
From: Aide [mailto:aide-boun...@cs.tut.fi] On Behalf Of Richard Dupuy
Sent: Thursday, November 19, 2015 4:00 PM
To: Aide user mailinglist
Subject: Re: [Aide] Rules to exclude all files except one

The more I looked, this might be necessary:

!/opt/app/dir/[^o]
!/opt/app/dir/[^o][^n]
!/opt/app/dir/[^o][^n][^e]
!/opt/app/dir/[^o][^n][^e][^d]
!/opt/app/dir/[^o][^n][^e][^d][^i]
!/opt/app/dir/[^o][^n][^e][^d][^i][^r]
!/opt/app/dir/[^o][^n][^e][^d][^i][^r][^/]

--Rich Dupuy
  IT Technical Support Consultant
State of Louisiana
-Division of Administration
-Office of Technology Services


-Original Message-
From: Aide [mailto:aide-boun...@cs.tut.fi] On Behalf Of Richard Dupuy
Sent: Thursday, November 19, 2015 3:52 PM
To: Aide user mailinglist
Subject: Re: [Aide] Rules to exclude all files except one

I've done something like this with some success:

!/opt/app/dir/[^o][^n][^e][^d][^i][^r][^/]

You might play around with find and grep/egrep to find the "just right" regular 
expression... I've played this game of "exclude all but..." with regular 
expressions before. It's very ugly, but there's *usually a way*, at least with 
extended regular expression syntax.

--Rich Dupuy
  IT Technical Support Consultant
Office of Technology Services


-Original Message-
From: Aide [mailto:aide-boun...@cs.tut.fi] On Behalf Of Shirkdog
Sent: Thursday, November 19, 2015 10:12 AM
To: Aide user mailinglist
Subject: Re: [Aide] Rules to exclude all files except one

That was the reason for my response, pretty sure your issue has come up before, 
and I have worked around it by automating that process outside of aide.

It is something it should be able to handle, a global white-list of some kind 
for the values you do not want to check.

---
Michael Shirk


On Thu, Nov 19, 2015 at 9:40 AM, Brian Mathis 
<brian.mathis+a...@betteradmin.com> wrote:
> No, that doesn't work because the ! rule still matches the onefile 
> rule, so it is excluded.  This can be seen when running with -V250:
>
> "/opt/app/dir" matches rule from line #131: ^/opt/app/dir
> /opt/app/dir match=0, tree=0x7fc395d8f780, attr=0
> "/opt/app/dir/onefile" matches rule from line #132:
> ^/opt/app/dir/onefile
> "/opt/app/dir/onefile" matches rule from line #131: ^/opt/app/dir
> /opt/app/dir/onefile match=0, tree=0x7fc395d8f780, attr=0
>
> ~ Brian Mathis
> @orev
>
>
> On Thu, Nov 19, 2015 at 12:07 PM, Jobst Schmalenbach 
> <jo...@barrett.com.au>
> wrote:
>>
>> Wouldn't it be
>>
>> !/opt/app/dir
>> /opt/app/dir/onefileNORMAL
>>
>>
>> Jobst
>>
>> --
>> Sent from my Mobile.
>>
>>
>> On 19 November 2015 7:29:46 PM AEDT, Brian Mathis 
>> <brian.mathis+a...@betteradmin.com> wrote:
>>>
>>> Thanks for the reply (glad this list isn't completely dead), but I 
>>> think it's pretty clear that I said "all files/dirs in a 
>>> subdirectory" and "without itemizing every file to exclude".  This 
>>> indicates that a specific include/exclude is explicitly not what I'm 
>>> looking for, as the list of things to exclude is not known beforehand.
>>>
>>> ~ Brian Mathis
>>> @orev
>>>
>>>
>>> On Wed, Nov 18, 2015 at 10:47 PM, Shirkdog <shirk...@gmail.com> wrote:
>>>>
>>>> What if you do the specific include/exclude?
>>>>
>>>> /opt/app/dir2/.* NORMAL
>>>> !/opt/app/dir1
>>>> !/opt/app/dir3
>>>>
>>>>
>>>> ---
>>>> Michael Shirk
>>>>
>>>>
>>>> On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis 
>>>> <brian.mathis+a...@betteradmin.com> wrote:
>>>> > I'm trying to setup some rules that exclude all files/dirs in a 
>>>> > subdirectory except for one, without itemizing every file to 
>>>> > exclude.
>>>> >
>>>> > Example:
>>>> > /opt/app/dir1--> exclude
>>>> > /opt/app/dir2--> include
>>>> > /opt/app/dir3--> exclude
>>>> >
>>>> > I'm trying something like this, but can't seem to get it working:
>>>> &

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Richard Dupuy

I've done something like this with some success:

!/opt/app/dir/[^o][^n][^e][^d][^i][^r][^/]

You might play around with find and grep/egrep to find the "just right" regular 
expression... I've played this game of "exclude all but..." with regular 
expressions before. It's very ugly, but there's *usually a way*, at least with 
extended regular expression syntax.

--Rich Dupuy
  IT Technical Support Consultant
Office of Technology Services
225-219-6026


-Original Message-
From: Aide [mailto:aide-boun...@cs.tut.fi] On Behalf Of Shirkdog
Sent: Thursday, November 19, 2015 10:12 AM
To: Aide user mailinglist
Subject: Re: [Aide] Rules to exclude all files except one

That was the reason for my response, pretty sure your issue has come up before, 
and I have worked around it by automating that process outside of aide.

It is something it should be able to handle, a global white-list of some kind 
for the values you do not want to check.

---
Michael Shirk


On Thu, Nov 19, 2015 at 9:40 AM, Brian Mathis 
<brian.mathis+a...@betteradmin.com> wrote:
> No, that doesn't work because the ! rule still matches the onefile 
> rule, so it is excluded.  This can be seen when running with -V250:
>
> "/opt/app/dir" matches rule from line #131: ^/opt/app/dir
> /opt/app/dir match=0, tree=0x7fc395d8f780, attr=0
> "/opt/app/dir/onefile" matches rule from line #132:
> ^/opt/app/dir/onefile
> "/opt/app/dir/onefile" matches rule from line #131: ^/opt/app/dir
> /opt/app/dir/onefile match=0, tree=0x7fc395d8f780, attr=0
>
> ~ Brian Mathis
> @orev
>
>
> On Thu, Nov 19, 2015 at 12:07 PM, Jobst Schmalenbach 
> <jo...@barrett.com.au>
> wrote:
>>
>> Wouldn't it be
>>
>> !/opt/app/dir
>> /opt/app/dir/onefileNORMAL
>>
>>
>> Jobst
>>
>> --
>> Sent from my Mobile.
>>
>>
>> On 19 November 2015 7:29:46 PM AEDT, Brian Mathis 
>> <brian.mathis+a...@betteradmin.com> wrote:
>>>
>>> Thanks for the reply (glad this list isn't completely dead), but I 
>>> think it's pretty clear that I said "all files/dirs in a 
>>> subdirectory" and "without itemizing every file to exclude".  This 
>>> indicates that a specific include/exclude is explicitly not what I'm 
>>> looking for, as the list of things to exclude is not known beforehand.
>>>
>>> ~ Brian Mathis
>>> @orev
>>>
>>>
>>> On Wed, Nov 18, 2015 at 10:47 PM, Shirkdog <shirk...@gmail.com> wrote:
>>>>
>>>> What if you do the specific include/exclude?
>>>>
>>>> /opt/app/dir2/.* NORMAL
>>>> !/opt/app/dir1
>>>> !/opt/app/dir3
>>>>
>>>>
>>>> ---
>>>> Michael Shirk
>>>>
>>>>
>>>> On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis 
>>>> <brian.mathis+a...@betteradmin.com> wrote:
>>>> > I'm trying to setup some rules that exclude all files/dirs in a 
>>>> > subdirectory except for one, without itemizing every file to 
>>>> > exclude.
>>>> >
>>>> > Example:
>>>> > /opt/app/dir1--> exclude
>>>> > /opt/app/dir2--> include
>>>> > /opt/app/dir3--> exclude
>>>> >
>>>> > I'm trying something like this, but can't seem to get it working:
>>>> > /opt/app/dir2/.*NORMAL
>>>> > !/opt/app/
>>>> > /EVERYTHING
>>>> > The ! rule always seems to override the dir2 rule.
>>>> >
>>>> > Is there any way to accomplish this with aide?
>>>> >
>>>> > ~ Brian Mathis
>>>> > @orev
>>>> >
>>>> >
>>>> > ___
>>>> > Aide mailing list
>>>> > Aide@cs.tut.fi
>>>> > https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>> >
>>>> ___
>>>> Aide mailing list
>>>> Aide@cs.tut.fi
>>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>
>>>
>>> 
>>>
>>> Aide mailing list
>>> Aide@cs.tut.fi
>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
>
> ___
> Aide mailing list
> Aide@cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Jobst Schmalenbach

Wouldn't it be

!/opt/app/dir
/opt/app/dir/onefile

Jobst

-- 
Sent from my Mobile.

On 19 November 2015 7:29:46 PM AEDT, Brian Mathis 
 wrote:
>Thanks for the reply (glad this list isn't completely dead), but I
>think
>it's pretty clear that I said "all files/dirs in a subdirectory" and
>"without itemizing every file to exclude".  This indicates that a
>specific
>include/exclude is explicitly not what I'm looking for, as the list of
>things to exclude is not known beforehand.
>
>~ Brian Mathis
>@orev
>
>
>On Wed, Nov 18, 2015 at 10:47 PM, Shirkdog  wrote:
>
>> What if you do the specific include/exclude?
>>
>> /opt/app/dir2/.* NORMAL
>> !/opt/app/dir1
>> !/opt/app/dir3
>>
>>
>> ---
>> Michael Shirk
>>
>>
>> On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis
>>  wrote:
>> > I'm trying to setup some rules that exclude all files/dirs in a
>> subdirectory
>> > except for one, without itemizing every file to exclude.
>> >
>> > Example:
>> > /opt/app/dir1--> exclude
>> > /opt/app/dir2--> include
>> > /opt/app/dir3--> exclude
>> >
>> > I'm trying something like this, but can't seem to get it working:
>> > /opt/app/dir2/.*NORMAL
>> > !/opt/app/
>> > /EVERYTHING
>> > The ! rule always seems to override the dir2 rule.
>> >
>> > Is there any way to accomplish this with aide?
>> >
>> > ~ Brian Mathis
>> > @orev
>> >
>> >
>> > ___
>> > Aide mailing list
>> > Aide@cs.tut.fi
>> > https://mailman.cs.tut.fi/mailman/listinfo/aide
>> >
>> ___
>> Aide mailing list
>> Aide@cs.tut.fi
>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>
>
>
>
>
>___
>Aide mailing list
>Aide@cs.tut.fi
>https://mailman.cs.tut.fi/mailman/listinfo/aide
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Shirkdog

That was the reason for my response, pretty sure your issue has come
up before, and I have worked around it by automating that process
outside of aide.

It is something it should be able to handle, a global white-list of
some kind for the values you do not want to check.

---
Michael Shirk


On Thu, Nov 19, 2015 at 9:40 AM, Brian Mathis
 wrote:
> No, that doesn't work because the ! rule still matches the onefile rule, so
> it is excluded.  This can be seen when running with -V250:
>
> "/opt/app/dir" matches rule from line #131: ^/opt/app/dir
> /opt/app/dir match=0, tree=0x7fc395d8f780, attr=0
> "/opt/app/dir/onefile" matches rule from line #132:
> ^/opt/app/dir/onefile
> "/opt/app/dir/onefile" matches rule from line #131: ^/opt/app/dir
> /opt/app/dir/onefile match=0, tree=0x7fc395d8f780, attr=0
>
> ~ Brian Mathis
> @orev
>
>
> On Thu, Nov 19, 2015 at 12:07 PM, Jobst Schmalenbach 
> wrote:
>>
>> Wouldn't it be
>>
>> !/opt/app/dir
>> /opt/app/dir/onefileNORMAL
>>
>>
>> Jobst
>>
>> --
>> Sent from my Mobile.
>>
>>
>> On 19 November 2015 7:29:46 PM AEDT, Brian Mathis
>>  wrote:
>>>
>>> Thanks for the reply (glad this list isn't completely dead), but I think
>>> it's pretty clear that I said "all files/dirs in a subdirectory" and
>>> "without itemizing every file to exclude".  This indicates that a specific
>>> include/exclude is explicitly not what I'm looking for, as the list of
>>> things to exclude is not known beforehand.
>>>
>>> ~ Brian Mathis
>>> @orev
>>>
>>>
>>> On Wed, Nov 18, 2015 at 10:47 PM, Shirkdog  wrote:

 What if you do the specific include/exclude?

 /opt/app/dir2/.* NORMAL
 !/opt/app/dir1
 !/opt/app/dir3


 ---
 Michael Shirk


 On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis
  wrote:
 > I'm trying to setup some rules that exclude all files/dirs in a
 > subdirectory
 > except for one, without itemizing every file to exclude.
 >
 > Example:
 > /opt/app/dir1--> exclude
 > /opt/app/dir2--> include
 > /opt/app/dir3--> exclude
 >
 > I'm trying something like this, but can't seem to get it working:
 > /opt/app/dir2/.*NORMAL
 > !/opt/app/
 > /EVERYTHING
 > The ! rule always seems to override the dir2 rule.
 >
 > Is there any way to accomplish this with aide?
 >
 > ~ Brian Mathis
 > @orev
 >
 >
 > ___
 > Aide mailing list
 > Aide@cs.tut.fi
 > https://mailman.cs.tut.fi/mailman/listinfo/aide
 >
 ___
 Aide mailing list
 Aide@cs.tut.fi
 https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>
>>>
>>> 
>>>
>>> Aide mailing list
>>> Aide@cs.tut.fi
>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
>
> ___
> Aide mailing list
> Aide@cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Brian Mathis

No, that doesn't work because the ! rule still matches the onefile rule, so
it is excluded.  This can be seen when running with -V250:

"/opt/app/dir" matches rule from line #131: ^/opt/app/dir
/opt/app/dir match=0, tree=0x7fc395d8f780, attr=0
"/opt/app/dir/onefile" matches rule from line #132:
^/opt/app/dir/onefile
"/opt/app/dir/onefile" matches rule from line #131: ^/opt/app/dir
/opt/app/dir/onefile match=0, tree=0x7fc395d8f780, attr=0

~ Brian Mathis
@orev


On Thu, Nov 19, 2015 at 12:07 PM, Jobst Schmalenbach 
wrote:

> Wouldn't it be
>
> !/opt/app/dir
> /opt/app/dir/onefileNORMAL
>
> Jobst
>
> --
> Sent from my Mobile.
>
>
> On 19 November 2015 7:29:46 PM AEDT, Brian Mathis <
> brian.mathis+a...@betteradmin.com> wrote:
>>
>> Thanks for the reply (glad this list isn't completely dead), but I think
>> it's pretty clear that I said "all files/dirs in a subdirectory" and
>> "without itemizing every file to exclude".  This indicates that a specific
>> include/exclude is explicitly not what I'm looking for, as the list of
>> things to exclude is not known beforehand.
>>
>> ~ Brian Mathis
>> @orev
>>
>>
>> On Wed, Nov 18, 2015 at 10:47 PM, Shirkdog  wrote:
>>
>>> What if you do the specific include/exclude?
>>>
>>> /opt/app/dir2/.* NORMAL
>>> !/opt/app/dir1
>>> !/opt/app/dir3
>>>
>>>
>>> ---
>>> Michael Shirk
>>>
>>>
>>> On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis
>>>  wrote:
>>> > I'm trying to setup some rules that exclude all files/dirs in a
>>> subdirectory
>>> > except for one, without itemizing every file to exclude.
>>> >
>>> > Example:
>>> > /opt/app/dir1--> exclude
>>> > /opt/app/dir2--> include
>>> > /opt/app/dir3--> exclude
>>> >
>>> > I'm trying something like this, but can't seem to get it working:
>>> > /opt/app/dir2/.*NORMAL
>>> > !/opt/app/
>>> > /EVERYTHING
>>> > The ! rule always seems to override the dir2 rule.
>>> >
>>> > Is there any way to accomplish this with aide?
>>> >
>>> > ~ Brian Mathis
>>> > @orev
>>> >
>>> >
>>> > ___
>>> > Aide mailing list
>>> > Aide@cs.tut.fi
>>> > https://mailman.cs.tut.fi/mailman/listinfo/aide
>>> >
>>> ___
>>> Aide mailing list
>>> Aide@cs.tut.fi
>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>
>>
>> --
>>
>> Aide mailing list
>> Aide@cs.tut.fi
>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>
>>
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

2015-11-18 Thread Shirkdog

What if you do the specific include/exclude?

/opt/app/dir2/.* NORMAL
!/opt/app/dir1
!/opt/app/dir3


---
Michael Shirk


On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis
 wrote:
> I'm trying to setup some rules that exclude all files/dirs in a subdirectory
> except for one, without itemizing every file to exclude.
>
> Example:
> /opt/app/dir1--> exclude
> /opt/app/dir2--> include
> /opt/app/dir3--> exclude
>
> I'm trying something like this, but can't seem to get it working:
> /opt/app/dir2/.*NORMAL
> !/opt/app/
> /EVERYTHING
> The ! rule always seems to override the dir2 rule.
>
> Is there any way to accomplish this with aide?
>
> ~ Brian Mathis
> @orev
>
>
> ___
> Aide mailing list
> Aide@cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
___
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

Re: [Aide] Rules to exclude all files except one

11 matches

Site Navigation

Mail list logo

Footer information