Your config looks fine in general. http://www.cs.tut.fi/~rammer/aide/manual.html#config explains all there is to know about the config rules.

> /var/lib/mlocate is the rule, sorry, I made a typo. I apologize. But am I
> correct in my understanding of how aide works? Thank you very much.
>
> On Sep 6, 2013 9:15 PM, "Richard van den Berg" <[email protected]> wrote:
>> There is no specific rule for /var/lib/locate in your config.
>>
>> Are you sure the @@ifhost matches? Take this out while testing.
>>
>>> Looking this over and running the scan this doesn't seem to be working. It
>>> doesn't seem to be targeting the specific rules such as /var/lib/locate and
>>> then scanning everything else with the broader rule / customtest1. I'm
>>> confused. Am I misunderstanding the documentation on this? Please advise.
>>>
>>> On Sep 6, 2013 6:36 AM, "Mason Nakadomari" <[email protected]> wrote:
>>>> Hi, any help or confirmation would be appreciated. Thank you for your time,
>>>> thanks.
>>>>
>>>> On Sep 5, 2013 11:15 AM, "Mason Nakadomari" <[email protected]> wrote:
>>>>>
>>>>> I've been looking over the manual and I wanted to check if my understanding is
>>>>> correct. My understanding is that if I want to search individual
>>>>> directories with a less general rule like CUSTOMTEST6 but still scan
>>>>> everything else using a general rule like CUSTOMTEST1 that I would use
>>>>> something like the below.
>>>>> CUSTOMTEST5 = p+u+g+acl+selinux
>>>>> CUSTOMTEST6 = L
>>>>> CUSTOMTEST1 = p+i+u+g+m+acl+selinux+md5
>>>>> @@ifhost aid70
>>>>> =/var/log$ CUSTOMTEST6
>>>>> /var/log/.* CUSTOMTEST5
>>>>> /var/spool/.* CUSTOMTEST5
>>>>> /var/lib/mlocate$ CUSTOMTEST6
>>>>> /var/lib/mlocate/mlocate.db$ CUSTOMTEST5
>>>>> /var/lib/rpm/__db.00* CUSTOMTEST6
>>>>> /var/lib/logrotate.status$ CUSTOMTEST6
>>>>> /var/lib/readahead/early.sorted$ CUSTOMTEST6
>>>>> / CUSTOMTEST1
>>>>> !/var/tmp/.*
>>>>> !/tmp/.*
>>>>> !/sys/.*
>>>>> !/dev/.*
>>>>> !/proc/.*
>>>>> @@endif
>>>>>
>>>>> I looked at a lot of examples and this is what I came up with. Is this
>>>>> not correct?
>>>>> I've also been playing around with more specific and drawn
>>>>> out rules but I wanted something as simple as possible so others can edit
>>>>> and add new rules.
>>> _______________________________________________
>>> Aide mailing list
>>> [email protected]
>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
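
An added example, not part of the original thread or of AIDE itself: a small check for the "@@ifhost" question raised above, listing which selection lines of a config are skipped on a given host. The function name and the sample text are constructed for illustration; it assumes AIDE compares the @@ifhost argument, case-sensitively, with the host name cut at the first dot, and it does not evaluate @@ifdef/@@ifndef.

```python
import socket

# Constructed sample: a shortened form of the configuration posted in the thread.
SAMPLE_CONF = """\
CUSTOMTEST5 = p+u+g+acl+selinux
CUSTOMTEST6 = L
CUSTOMTEST1 = p+i+u+g+m+acl+selinux+md5
@@ifhost aid70
=/var/log$ CUSTOMTEST6
/var/lib/mlocate$ CUSTOMTEST6
/ CUSTOMTEST1
!/tmp/.*
@@endif
"""

def split_rules_by_host(conf_text, hostname=None):
    """Return (active, skipped) lists of (line_number, selection_line)."""
    # Assumption: AIDE compares the @@ifhost argument, case-sensitively, with
    # the machine's host name cut at the first dot.
    host = (hostname or socket.gethostname()).split(".")[0]
    stack = []  # one boolean per open conditional block
    active, skipped = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        word, _, arg = line.partition(" ")
        if word in ("@@ifhost", "@@ifnhost"):
            matches = arg.strip() == host
            stack.append(matches if word == "@@ifhost" else not matches)
        elif word in ("@@ifdef", "@@ifndef"):
            raise NotImplementedError(f"line {lineno}: {word} is not evaluated here")
        elif word in ("@@else", "@@endif"):
            if not stack:
                raise ValueError(f"line {lineno}: {word} without an open block")
            if word == "@@else":
                stack[-1] = not stack[-1]
            else:
                stack.pop()
        elif line[0] in "/=!":  # regular, equals and negative selection lines
            (active if all(stack) else skipped).append((lineno, line))
    if stack:
        raise ValueError("unterminated @@ifhost/@@ifnhost block")
    return active, skipped

if __name__ == "__main__":
    active, skipped = split_rules_by_host(SAMPLE_CONF)
    print(f"{len(active)} selection lines active, {len(skipped)} skipped on this host")
    for lineno, rule in skipped:
        print(f"  skipped line {lineno}: {rule}")
```

If every selection line shows up as skipped, the scan runs with no rules from that block, which is a monitoring gap rather than a rule-matching problem.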
