Hello, I am a question about the aide matching algorithm. Is it using the first match?
I am asking because I have encountered that with the following config file /etc/ p+md5 /etc/passwd p+md5+sha1 the sha1 checksum is actually not stored in the aide database while it is stored when the lines switched. Is that by design? In the aide manual I have found following sentence: "As it can also be seen, equals selection lines are only checked in the first recursion step, thus providing some kind of speed optimization by reducing the number of necessary regular expression evaluations, which is a quite expensive operation." but I am not sure if it explains the behaviour I am observing. Moreover, even the official configuration examples are ordering file paths in the 'from top to bottom' order which would be really confusing if aide is supposed to work the way it works now. I have checked both aide v0.14 and v0.15.1, both behave the same way. Best regards, Karel Srot
_______________________________________________ Aide mailing list [email protected] https://mailman.cs.tut.fi/mailman/listinfo/aide
