A question on the general list popped up about the following 1 line config:
This will produce a 1 line database, but when running aide --check (or
--update), all files in /bin are reported as added. I've found the code
responsible for this: in gen_list.c when a check or diff is requested,
the new tree is first populated from the old db by calling
add_file_to_tree() with the status flag set to NODE_ADD_CHILDREN.
Removing this flag yields the expected behavior in the above case, but I
am not sure what it might break.
Can one of the original authors explain why the NODE_ADD_CHILDREN was
introduced, and if it is still required? If you can tell me the
situations where it is needed, I can do some tests myself.
I've attached a patch for removing the NODE_ADD_CHILDREN flag from the
calls to add_file_to_tree().
Richard van den Berg