There is no specific rule for /var/lib/locate in your config. Are you sure the @@ifhost matches? Take this out while testing.
> Looking this over and running the scan this doesn't seem to be working. It
> doesn't seem to be targeting the specific rules such as /var/lib/locate and
> then scanning everything else with the broader rule / customtest1. I'm
> confused. Am I misunderstanding the documentation on this? Please advise.
>
> On Sep 6, 2013 6:36 AM, "Mason Nakadomari" <[email protected]> wrote:
>> Hi any help or confirmation would be appreciated. Thank you for your time
>> thanks.
>>
>> On Sep 5, 2013 11:15 AM, "Mason Nakadomari" <[email protected]> wrote:
>>>
>>> I've been looking over the manual and I wanted to check if my understanding is
>>> correct. My understanding is that if I want to search individual
>>> directories with a less general rule like CUSTOMTEST6 but still scan
>>> everything else using a general rule like CUSTOMTEST1 that I would use
>>> something like the below.
>>> CUSTOMTEST5 = p+u+g+acl+selinux
>>> CUSTOMTEST6 = L
>>> CUSTOMTEST1 = p+i+u+g+m+acl+selinux+md5
>>> @@ifhost aid70
>>> =/var/log$ CUSTOMTEST6
>>> /var/log/.* CUSTOMTEST5
>>> /var/spool/.* CUSTOMTEST5
>>> /var/lib/mlocate$ CUSTOMTEST6
>>> /var/lib/mlocate/mlocate.db$ CUSTOMTEST5
>>> /var/lib/rpm/__db.00* CUSTOMTEST6
>>> /var/lib/logrotate.status$ CUSTOMTEST6
>>> /var/lib/readahead/early.sorted$ CUSTOMTEST6
>>> / CUSTOMTEST1
>>> !/var/tmp/.*
>>> !/tmp/.*
>>> !/sys/.*
>>> !/dev/.*
>>> !/proc/.*
>>> @@endif
>>>
>>> I looked at a lot of examples and this is what I came up with. Is this not
>>> correct? I've also been playing around with more specific and drawn out
>>> rules but I wanted something as simple as possible so others can edit and
>>> add new rules.
> _______________________________________________
> Aide mailing list
> [email protected]
> https://mailman.cs.tut.fi/mailman/listinfo/aide
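An added example, not part of the original thread and not AIDE's own code: a small Python check that lists which selection lines from the quoted config regex-match a given path, relying on the implicit leading `^` that AIDE puts in front of each selection regex. It shows the point made in the reply, that `/var/lib/locate` is matched only by the catch-all `/` line. The helper names are hypothetical, and the script only reports matches; it does not model AIDE's precedence among matching lines or `@@ifhost` evaluation.

```python
import re

# Selection lines copied from the configuration quoted in the thread
# (group definitions and the @@ifhost/@@endif wrapper left out).
CONFIG = """\
=/var/log$ CUSTOMTEST6
/var/log/.* CUSTOMTEST5
/var/spool/.* CUSTOMTEST5
/var/lib/mlocate$ CUSTOMTEST6
/var/lib/mlocate/mlocate.db$ CUSTOMTEST5
/var/lib/rpm/__db.00* CUSTOMTEST6
/var/lib/logrotate.status$ CUSTOMTEST6
/var/lib/readahead/early.sorted$ CUSTOMTEST6
/ CUSTOMTEST1
!/var/tmp/.*
!/tmp/.*
!/sys/.*
!/dev/.*
!/proc/.*
"""

def parse(config):
    """Return (kind, regex, group) for each selection line."""
    rules = []
    for line in config.splitlines():
        line = line.strip()
        # Skip blanks, comments, @@ directives and group definitions.
        if not line or line[0] not in "/!=":
            continue
        kind = {"!": "negative", "=": "equals"}.get(line[0], "regular")
        fields = line.lstrip("!=").split()
        group = fields[1] if len(fields) > 1 else None
        rules.append((kind, fields[0], group))
    return rules

def matching_rules(path, rules):
    """Rules whose regex matches path; re.match anchors at the start only,
    mirroring the implicit ^ in front of each selection regex."""
    return [r for r in rules if re.match(r[1], path)]

def specific_rules(path, rules):
    """Matching rules other than the catch-all '/' line."""
    return [r for r in matching_rules(path, rules) if r[1] != "/"]

if __name__ == "__main__":
    rules = parse(CONFIG)
    for p in ("/var/lib/locate", "/var/lib/mlocate", "/var/log/messages", "/tmp/x"):
        print(p, "->", matching_rules(p, rules))
```
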
