Hi,

I have been using aide for more than 20 years now, and for almost as long, I have maintained the aide rules that come with the Debian package.

In the package, we traditionally used attribute group names describing the attributes, like, for example:

    Checksums = H
    OwnerMode = p+u+g+ftype
    Size = s+b
    InodeData = OwnerMode+n+i+Size+l+X
    RamdiskData = InodeData-i
    VarTime = InodeData+Checksums
    VarInode = VarTime-i
    VarDir = OwnerMode+n+i+X
    VarDirInode = OwnerMode+n+X

Many of those names that have been in use for decades are misnomers. I think this could be easier to understand with a new naming scheme.

I think it might be better if our attribute group names would actually describe what a file is being used for, like we have in part for log files already:

    Log = OwnerMode+n+S+X
    LowLog = Log-S
    SerMemberLog = Full+I
    LoSerMemberLog = SerMemberLog+ANF
    HiSerMemberLog = SerMemberLog+ARF

What kind of things do we need to find rules for? I have come up with the following:

RandomAccessDataFile, StateFile - a file that changes contents and mtime randomly during normal operation of the system, such as an sqlite data file, a virus pattern file, an apt Packages file, or an aide database file

GrowingDataFile (alias: Log) - a file that grows, and once written, the beginning of the file never changes. aide does not have a way to express this yet, so this would probably start off as being an alias for RandomAccessDataFile

TransientDataFile, TemporaryDataFile, PidFile, LockFile - a file that appears and vanishes as necessary, and changes its contents during its existence.

AppearingDataFile - a file that appears, but once present, does not change contents.

TransientMarkerFile - a file that appears and vanishes as necessary, but if present, does not change contents.

GeneratedConfigFile - a file that gets recreated every time the system boots or a service is restarted, but does not change contents (compiled and generated configuration in /run).

DataDir - a directory that contains a fixed number of files, but the files in the directory change

ChangingDataDir - a directory that contains an ever changing number of files

RunDir - a directory in /run that gets recreated every time the system boots

What did I miss? I'd like to hear your input.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
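
Added example, not part of the original message and not code from aide or the Debian package: a small Python resolver that flattens the first block of group definitions quoted above into their underlying attributes, so it is easy to see what each name actually covers. It assumes `+` and `-` are applied left to right and treats any token that is not defined in the block (including aide's built-in groups `H` and `X`) as an atomic attribute; the function names `parse` and `expand` are hypothetical.

```python
import re

# Group definitions copied from the message above (Debian aide rules).
RULES = """
Checksums = H
OwnerMode = p+u+g+ftype
Size = s+b
InodeData = OwnerMode+n+i+Size+l+X
RamdiskData = InodeData-i
VarTime = InodeData+Checksums
VarInode = VarTime-i
VarDir = OwnerMode+n+i+X
VarDirInode = OwnerMode+n+X
"""

def parse(text):
    """Return {group_name: [(sign, token), ...]} in definition order."""
    groups = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, expr = (part.strip() for part in line.split("=", 1))
        # Split "A+B-C" into signed tokens; the first token is implicitly "+".
        terms = re.findall(r"([+-]?)\s*([A-Za-z0-9_>]+)", expr)
        groups[name] = [(sign or "+", tok) for sign, tok in terms]
    return groups

def expand(name, groups, _stack=()):
    """Flatten a group to a set of atoms, applying + and - left to right."""
    if name not in groups:
        return {name}  # assumption: undefined tokens are built-in attributes
    if name in _stack:
        raise ValueError("circular definition: " + " -> ".join(_stack + (name,)))
    result = set()
    for sign, tok in groups[name]:
        atoms = expand(tok, groups, _stack + (name,))
        result = result | atoms if sign == "+" else result - atoms
    return result

GROUPS = parse(RULES)

if __name__ == "__main__":
    # Print every group with its flattened attribute set.
    for g in GROUPS:
        print(f"{g:12} = {'+'.join(sorted(expand(g, GROUPS)))}")
```

Run as a script, it prints one flattened line per group; `VarTime`, for instance, expands to a set that contains none of the timestamp attributes `m`, `c` or `a`.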
