I'm trying to configure aide to ignore everything in a directory structure except a specific subdirectory. In the generic config file, they show:
# These are too volatile.
!/usr/src/
!/usr/tmp/
# Otherwise get all of /usr.
/usr/ CONTENT_EX
I'm trying to exclude a dir:
!/a/b/c/
and then monitor:
/a/b/c/d/e/f/g/h/i/
so far, I've been unable to get aide to flag new or removed files in that subdirectory. I'd like to avoid having to ignore everything except .../d/.. because that could get ugly as the number of subdirs at each of those lower layers can be extreme.
Anyone faced anything similar and have a nice simple functional syntax?
Thanks
Doug O'Leary
I came up with an answer. Not sure if it's the right answer, but it is functional.
Short version: rather than generating one size fits call aide configs, I have one for the general system, and another one for the specific dirs that I need to monitor (got to love sox). The added benefit is that the small one runs blindingly fast. Wrapping process around two aide runs shouldn't be that much more difficult than one.
Thanks
Doug O'Leary