Hi, any help or confirmation would be appreciated. Thank you for your time, thanks.

On Sep 5, 2013 11:15 AM, "Mason Nakadomari" <[email protected]> wrote:
>
> I've been looking over the manual and I wanted to check if my understanding is
> correct. My understanding is that if I want to search individual
> directories with a less general rule like CUSTOMTEST6 but still scan
> everything else using a general rule like CUSTOMTEST1 that I would use
> something like the below.
> CUSTOMTEST5 = p+u+g+acl+selinux
> CUSTOMTEST6 = L
> CUSTOMTEST1 = p+i+u+g+m+acl+selinux+md5
> @@ifhost aid70
> =/var/log$ CUSTOMTEST6
> /var/log/.* CUSTOMTEST5
> /var/spool/.* CUSTOMTEST5
> /var/lib/mlocate$ CUSTOMTEST6
> /var/lib/mlocate/mlocate.db$ CUSTOMTEST5
> /var/lib/rpm/__db.00* CUSTOMTEST6
> /var/lib/logrotate.status$ CUSTOMTEST6
> /var/lib/readahead/early.sorted$ CUSTOMTEST6
> / CUSTOMTEST1
> !/var/tmp/.*
> !/tmp/.*
> !/sys/.*
> !/dev/.*
> !/proc/.*
> @@endif
>
> I looked at a lot of examples and this is what I came up with. Is this not
> correct? I've also been playing around with more specific and drawn out
> rules but I wanted something as simple as possible so others can edit and
> add new rules.
>
_______________________________________________
Aide mailing list
[email protected]
https://mailman.cs.tut.fi/mailman/listinfo/aide
