<rule id="100022" level="0">
  <if_sid>509</if_sid>
  <match>/var/lib/docker/aufs/mnt</match>
  <description>Ignore alerts for this file as a rootcheck alert is triggered because of the file permissions required.</description>
</rule>
<rule id="100023" level="0">
  <if_sid>510</if_sid>
  <match>/var/lib/docker/aufs/mnt</match>
  <description>Ignore alerts for this file as a rootcheck alert is triggered because of the file permissions required.</description>
</rule>
and
<rule id="100022" level="0">
  <if_sid>509</if_sid>
  <match>/var/lib/docker/aufs/mnt/*</match>
  <description>Ignore alerts for this file as a rootcheck alert is triggered because of the file permissions required.</description>
</rule>
<rule id="100023" level="0">
  <if_sid>510</if_sid>
  <match>/var/lib/docker/aufs/mnt/*</match>
  <description>Ignore alerts for this file as a rootcheck alert is triggered because of the file permissions required.</description>
</rule>
Can anyone point us in the right direction please? I believe we've used match for a single directory before (successfully), but never on a directory that has several layers of sub-directories.
Thanks,
Tom