Karel, Looking at the way I have my configs, you do want the more specific rules above the more generic rules.
Regards, Keith Constable On Fri, Mar 4, 2016 at 3:02 AM, Karel Šrot <[email protected]> wrote: > Hello, > > I am a question about the aide matching algorithm. Is it using the first > match? > > I am asking because I have encountered that with the following config file > > /etc/ p+md5 > /etc/passwd p+md5+sha1 > > the sha1 checksum is actually not stored in the aide database while it is > stored when the lines switched. > > Is that by design? In the aide manual I have found following sentence: > > "As it can also be seen, equals selection lines are only checked in the > first recursion step, thus providing some kind of speed optimization by > reducing the number of necessary regular expression evaluations, which is a > quite expensive operation." > > but I am not sure if it explains the behaviour I am observing. Moreover, > even the official configuration examples are ordering file paths in the > 'from top to bottom' order which would be really confusing if aide is > supposed to work the way it works now. > > I have checked both aide v0.14 and v0.15.1, both behave the same way. > > Best regards, > Karel Srot > > _______________________________________________ > Aide mailing list > [email protected] > https://mailman.cs.tut.fi/mailman/listinfo/aide > _______________________________________________ Aide mailing list [email protected] https://mailman.cs.tut.fi/mailman/listinfo/aide
