Marc Haber <[EMAIL PROTECTED]> wrote:

> On Sat, Nov 24, 2007 at 08:04:54PM -0800, Bill Wohler wrote:
> > Marc Haber <[EMAIL PROTECTED]> wrote:
> > > Care to submit your rules for inclusion in the aide packages?
> >
> > I will be glad to do so once I stop editing them :-).
>
> Great! Looking forward!

Just wanted to let you know that I'm still working on them a little bit
at a time and will let you know when I'm comfortable with them.

> > I've just installed 0.13.1-8 with apt-get source. Unfortunately, as
> > reported in #442214, I always get the following report:
> >
> > removed: /var/log/aide/aide.log.6.gz
> >
> > Once that message goes away, I'll be able to determine if this upgrade
> > closed this issue for me.
>
> Try changing /etc/aide/aide.conf.d/31_aide_aide to read:
> /var/log/aide/aide\.log(\.0)?$ LowLogs
> /var/log/aide/aide\.log\.1\.gz$ RotatedLogs+ANF
> /var/log/aide/aide\.log\.[2345]\.gz$ RotatedLogs
> /var/log/aide/aide\.log\.6\.gz$ RotatedLogs+ARF

I see the pattern here. I applied these in my files, but I still get
false alarms after a fashion. I'm still looking into it (albeit slowly).
I haven't made a small test case yet in hopes that I'll get the rules
right and because I never have time to set it up, but I may punt and do
so at some point.

Thanks for your patience.

--
Bill Wohler <[EMAIL PROTECTED]> http://www.newt.com/wohler/ GnuPG ID:610BD9AD