Bug 2165013
| Summary: | aide excludes everything under specified directory even when a pattern matches | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Renaud Métrich <rmetrich> |
| Component: | aide | Assignee: | Radovan Sroka <rsroka> |
| Status: | CLOSED MIGRATED | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.7 | CC: | dapospis |
| Target Milestone: | rc | Keywords: | MigratedToJIRA, Triaged |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-08-16 15:18:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This bug is going to be migrated. Contact point for migration questions or issues: rsroka Guidance for Bugzilla users to test their Jira account or create one if needed: https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016394 https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016694 https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016774 |
Description of problem: A customer wants to exclude a directory in general but include some items under a subdirectory. The aide.conf(5) manpage shows such example: -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- Add all but directory entries to the database: !/run d /run R -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- Trying the example on my system (and removing everything else for clarity), as soon as "!/run d" is specified, nothing gets collected under "/run": -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- # aide -i [...] Number of entries: 0 [...] -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- If I remove "!/run d", then files are collected: -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- # aide -i [...] Number of entries: 585 [...] -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- It hence looks like exclusion gets precedence and there is no way to achieve what we want here. Version-Release number of selected component (if applicable): aide-0.16-14.el8_5.1.x86_64 How reproducible: Always Steps to Reproduce: 1. Remove all rules starting from "# Next decide what directories/files you want in the database." comment 2. Add rules on /run !/run d /run R 3. Initialize the database Actual results: No file entry saved in database Expected results: A certain number of file entries saved in database