Re: [Aide] Rules to exclude all files except one

2016-02-27 Thread Hannes von Haugwitz
Hi, On Fri, Nov 20, 2015 at 05:15:50PM +0100, Hannes von Haugwitz wrote: > On Fri, Nov 20, 2015 at 11:37:24AM +0100, Brian Mathis wrote: > > Maybe full PCREs would be nice for the next version of AIDE. > > > > I currently evaluate this for the next alpha version. The latest git commit[0] now

Re: [Aide] Rules to exclude all files except one

2015-11-20 Thread Brian Mathis
I noticed that the aide binary (on centos 7) is linked with libpcre, but perlish regexes don't seem to work. A negative look-ahead assertion would accomplish it if full pcre was actually in use: !/opt/app/dir/(?!onedir).* Maybe full PCREs would be nice for the next version of AIDE. ~ Brian

Re: [Aide] Rules to exclude all files except one

2015-11-20 Thread Hannes von Haugwitz
Hi, On Fri, Nov 20, 2015 at 11:37:24AM +0100, Brian Mathis wrote: > I noticed that the aide binary (on centos 7) is linked with libpcre, but > perlish regexes don't seem to work. A negative look-ahead assertion would > accomplish it if full pcre was actually in use: >

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Brian Mathis
Thanks for the reply (glad this list isn't completely dead), but I think it's pretty clear that I said "all files/dirs in a subdirectory" and "without itemizing every file to exclude". This indicates that a specific include/exclude is explicitly not what I'm looking for, as the list of things to

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Richard Dupuy
mailinglist Subject: Re: [Aide] Rules to exclude all files except one I've done something like this with some success: !/opt/app/dir/[^o][^n][^e][^d][^i][^r][^/] You might play around with find and grep/egrep to find the "just right" regular expression... I've played

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Richard Dupuy
To: Aide user mailinglist Subject: Re: [Aide] Rules to exclude all files except one I've done something like this with some success: !/opt/app/dir/[^o][^n][^e][^d][^i][^r][^/] You might play around with find and grep/egrep to find the "just right" regular expression... I

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Richard Dupuy
ember 19, 2015 10:12 AM To: Aide user mailinglist Subject: Re: [Aide] Rules to exclude all files except one That was the reason for my response, pretty sure your issue has come up before, and I have worked around it by automating that process outside of aide. It is something it should be able

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Jobst Schmalenbach
Wouldn't it be !/opt/app/dir /opt/app/dir/onefile Jobst -- Sent from my Mobile. On 19 November 2015 7:29:46 PM AEDT, Brian Mathis wrote: >Thanks for the reply (glad this list isn't completely dead), but I >think >it's pretty clear that I said "all

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Shirkdog
That was the reason for my response, pretty sure your issue has come up before, and I have worked around it by automating that process outside of aide. It is something it should be able to handle, a global white-list of some kind for the values you do not want to check. --- Michael Shirk On

Re: [Aide] Rules to exclude all files except one

2015-11-19 Thread Brian Mathis
No, that doesn't work because the ! rule still matches the onefile rule, so it is excluded. This can be seen when running with -V250: "/opt/app/dir" matches rule from line #131: ^/opt/app/dir /opt/app/dir match=0, tree=0x7fc395d8f780, attr=0 "/opt/app/dir/onefile" matches rule from

Re: [Aide] Rules to exclude all files except one

2015-11-18 Thread Shirkdog
What if you do the specific include/exclude? /opt/app/dir2/.* NORMAL !/opt/app/dir1 !/opt/app/dir3 --- Michael Shirk On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis wrote: > I'm trying to setup some rules that exclude all files/dirs in a subdirectory >