tags 1103432 +unreproducible +moreinfo thanks Hi,
On Thu, Apr 17, 2025 at 02:06:41PM +0000, sai.sathuj...@toshiba-tsip.com wrote: > In case of bullseye (17.0.3), when I tried to add a file under a symlink > directory (/lib) which points to (/usr/lib), and initialized aide database, > I noticed that in case of bullseye it took that as an entry, you can see that > in number of entries. AIDE does not follow symlinks and your described behaviour with bullseye would be unexpected. I tried to reproduce the behaviour with AIDE 0.17.3 and was unable to reproduce it: $ mkdir root/ root/target ; touch root/target/test ; ln -s target root/link $ aide --config <(printf "database_out=file:/dev/null\nroot_prefix=./root\nreport_detailed_init=true\nreport_level=added_removed_entries\n/ s\n") --init Start timestamp: 2025-04-18 07:45:43 +0200 (AIDE 0.17.3) AIDE initialized database at /dev/null Root prefix: ./root | Report level: added_removed_entries Number of entries: 4 --------------------------------------------------- Added entries: --------------------------------------------------- d++++++++++++: / l++++++++++++: /link d++++++++++++: /target f++++++++++++: /target/test --------------------------------------------------- Detailed information about changes: --------------------------------------------------- Directory: / Size : 80 Link: /link Size : 6 Directory: /target Size : 60 File: /target/test Size : 0 --------------------------------------------------- The attributes of the (uncompressed) database(s): --------------------------------------------------- [...] End timestamp: 2025-04-18 07:45:43 +0200 (run time: 0m 0s) As you can see in the report output the link is not followed and the test file is only added in the target directory. Please try to reproduce the behaviour with the example above. Can you please also provide the output of `ls -l /lib` on both machines to ensure /lib is actually a symlink to /usr/lib ? Best regards Hannes
