Achiefs / fim

FIM is an Open Source Host-based file integrity monitoring tool that performs file system analysis, file integrity checking, real time alerting and provides Audit daemon data.
https://achiefs.com
GNU General Public License v3.0

Ability to exclude folders #153

Closed amarce closed 7 months ago

amarce commented 7 months ago

Hi,

We are testing FIM in one KVM hypervisor with libvirt; we are monitoring the entire /etc, but when you add a VM, a file inside /etc/libvirt/qemu is created. It would be nice if the exclude filter used the full path of the files and not only the name, to be able to exclude folders, something like:

    - path: /etc/
      labels: ["etc", "linux"]
      ignore: ["/etc/libvirt/qemu"]

Maybe I am missing or overlooking something and this could already be done.

Thanks a lot!

okynos commented 7 months ago

Hello @amarce,

One possible solution is to specify each required path to monitor inside the /etc folder. Another way is to set a pattern of the files created by qemu in the ignore field.

Anyway, I want to include this matter in the next release. Thanks for your feedback.

amarce commented 7 months ago

Hi Jose,

Thanks for the hint; this is what we would do: exclude the file names. But if everyone uses this name schema in any other folder, it won't be tracked. On the other hand, adding all etc subfolders will be a bit of work.

Thanks for looking into it!
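
The trade-off discussed in this thread, as an added example that is not part of the thread and not FIM's own code or matching semantics: a name-only ignore rule is compared with a full-path directory exclusion over the same events, listing the files the name rule would silence outside /etc/libvirt/qemu. The `.xml` pattern, the substring match and every sample path are assumptions constructed for illustration.

```rust
use std::path::{Component, Path};

// Constructed sample events; ".xml" stands in for a name pattern covering
// the libvirt domain definitions (assumption, not taken from the thread).
const EVENTS: [&str; 5] = [
    "/etc/libvirt/qemu/web01.xml",
    "/etc/libvirt/qemu/networks/default.xml",
    "/etc/libvirt/qemu-backup/web01.xml",
    "/etc/nginx/conf.d/web01.xml",
    "/etc/passwd",
];

/// Name-only rule: the pattern is compared with the file name, wherever the file lives.
fn ignored_by_name(path: &Path, patterns: &[&str]) -> bool {
    path.file_name()
        .and_then(|n| n.to_str())
        .map_or(false, |name| patterns.iter().any(|p| name.contains(p)))
}

/// Full-path rule: exclude everything under a listed directory.
fn excluded_by_path(path: &Path, dirs: &[&str]) -> bool {
    // Relative paths and ".." segments are never excluded, so they stay monitored.
    if !path.is_absolute() || path.components().any(|c| c == Component::ParentDir) {
        return false;
    }
    // Path::starts_with matches whole components: "qemu" does not cover "qemu-backup".
    dirs.iter().any(|d| path.starts_with(d))
}

/// Events the name rule silences although they are outside the excluded directory.
fn blind_spots<'a>(events: &[&'a str], patterns: &[&str], dirs: &[&str]) -> Vec<&'a str> {
    events
        .iter()
        .copied()
        .filter(|e| {
            let p = Path::new(e);
            ignored_by_name(p, patterns) && !excluded_by_path(p, dirs)
        })
        .collect()
}

fn main() {
    for e in blind_spots(&EVENTS, &[".xml"], &["/etc/libvirt/qemu"]) {
        println!("silenced by name rule, kept by path rule: {}", e);
    }
}
```

A path rule limits the unmonitored area to one directory tree, while a name rule also hides same-named files anywhere else under the monitored path.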