I recently install aide-0.11 and am currently testing it for our
application. Something that is confusing me though is how the rules are
applied and if they supercede the previous rule. For example, if I use
the rules in aide.conf:
/ p+u+g
/etc p+u+g+m+i+s
Does the first rule take precedent so that the m, i, and s, switches are
ignored for /etc? OR, if I use:
/ R+a
/etc p+u+g+s
do the m, c, and md5 (as well as others included with R) still apply to
files in /etc?
Can I use something like:
/ R+a
/etc -m-c-md5
to have it not track that data for files in /etc but still track
permissions, user, group, etc?
Any assistance in clarifying my understanding would be greatly appreciated.
Thanks,
Randy
begin:vcard
fn:Randy Brown
n:Brown;Randy
org:NOAA/National Weather Service;Office of Hydrologic Development
adr;dom:;;1325 East West Highway;Silver Spring;MD;20910
email;internet:[EMAIL PROTECTED]
title:Systems Administrator
tel;work:301-713-1669 x110
tel;cell:443-794-6818
url:http://www.nws.noaa.gov/ohd
version:2.1
end:vcard
_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
