-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
rhel-8.7.0
-
None
-
Important
-
rhel-sst-security-special-projects
-
ssg_security
-
None
-
False
-
-
None
-
None
-
None
-
None
-
If docs needed, set a value
-
-
All
-
None
Description of problem:
A customer wants to exclude a directory in general but include some items under a subdirectory.
The aide.conf(5) manpage shows such example:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Add all but directory entries to the database:
!/run d
/run R
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Trying the example on my system (and removing everything else for clarity), as soon as "!/run d" is specified, nothing gets collected under "/run":
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
- aide -i
[...]
Number of entries: 0
[...]-
-
-
-
-
-
- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
-
-
-
-
-
-
If I remove "!/run d", then files are collected:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
- aide -i
[...]
Number of entries: 585
[...]-
-
-
-
-
-
- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
-
-
-
-
-
-
It hence looks like exclusion gets precedence and there is no way to achieve what we want here.
Version-Release number of selected component (if applicable):
aide-0.16-14.el8_5.1.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Remove all rules starting from "# Next decide what directories/files you want in the database." comment
2. Add rules on /run
!/run d
/run R
3. Initialize the database
Actual results:
No file entry saved in database
Expected results:
A certain number of file entries saved in database
