I am using Linux AIDE to watch files that change. There are some files that I do not want to get checked, as they are frequently changed and not important.

/root/.cpanel/datastore/Cpanel::Net::Whois::IP::Cached_109.178.128.244

I want to exclude the files, so I used the following rule in my config file (aide.conf):

!/root/\.cpanel/datastore/Cpanel::Net::Whois::IP::Cached_\d{3}\.\d{3}\.\d{3}\.\d{2,3}$

I tested it with https://regex101.com/ and it matches the file.

AIDE includes the files added to the daily report. Does anyone have any idea why?

I would rather not use rules like !/root/.cpanel/datastore/, since there may be files included that do not follow the pattern and I would like to get notified about them.

1 Answer

Your regexp uses \d to match numbers. This sequence is specific to PCRE regular expressions. AIDE started using the PCRE library with version 0.16. Previous versions of AIDE used the GNU regex library, which supports POSIX regular expressions. Use [0-9] instead of \d to match numbers.

AlexD
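The rewrite described in the answer can be automated; this is an added example, not code from the question, the answer, or AIDE. It finds PCRE-only shorthands in aide.conf selection lines, rewrites them to POSIX forms, and checks the result with Python's `re`, which is valid here only because the rewritten pattern uses constructs common to both syntaxes. The group name `NORMAL`, the `other_file` path and all function names are assumptions.

```python
import re

# PCRE shorthands that POSIX regcomp() does not define, mapped to
# (replacement outside brackets, replacement inside a bracket expression).
SHORTHAND = {"d": ("[0-9]", "0-9"), "w": ("[A-Za-z0-9_]", "A-Za-z0-9_"),
             "s": ("[[:space:]]", "[:space:]")}

def to_posix(pattern):
    """Return (pattern with PCRE shorthands rewritten, shorthands found)."""
    out, found, in_bracket, i = [], [], False, 0
    while i < len(pattern):
        ch, nxt = pattern[i], pattern[i + 1:i + 2]
        if ch == "\\" and nxt in SHORTHAND:
            found.append(ch + nxt)
            out.append(SHORTHAND[nxt][in_bracket])   # False -> 0, True -> 1
        elif ch == "\\" and nxt:
            out.append(ch + nxt)          # ordinary escape such as \. is kept
        else:
            if ch in "[]":
                in_bracket = ch == "["
            out.append(ch)
            nxt = ""
        i += 1 + len(nxt)
    return "".join(out), found

def lint(conf_text):
    """Return [(line number, rewritten line, shorthands)] for affected rules."""
    hits = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        if parts and parts[0][0] in "!/=":      # skip comments, macros, groups
            fixed, found = to_posix(parts[0])
            if found:
                hits.append((n, " ".join([fixed] + parts[1:]), found))
    return hits

def excluded(rule, path):
    """True if a '!' rule matches path, anchored at the start like AIDE rules."""
    return rule.startswith("!") and re.match(rule[1:], path) is not None

# Constructed sample; line 3 is the question's rule, NORMAL and OTHER are assumed.
SAMPLE_CONF = r"""# constructed sample
/root NORMAL
!/root/\.cpanel/datastore/Cpanel::Net::Whois::IP::Cached_\d{3}\.\d{3}\.\d{3}\.\d{2,3}$
"""
CACHED = "/root/.cpanel/datastore/Cpanel::Net::Whois::IP::Cached_109.178.128.244"
OTHER = "/root/.cpanel/datastore/other_file"

if __name__ == "__main__":
    print(lint(SAMPLE_CONF))
```

The rewritten rule still leaves other files in the datastore directory subject to checking, which is the behaviour the question asks to keep.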