Hi,
The module file_integrity
takes a list of file path, which is useful for binary and configuration file monitoring, but generic users file cannot be monitored otherwise than with the option recursive
enable.
Is there, any chance that argument path
can be interpreted as a regular expression to ease file under /home/<username>
to be monitored or is there another way to monitor these file (without the full file path)?
For example, monitoring file such as: ~/.ssh/authorized_keys
for all users would take the following configuration:
- module: file_integrity
paths:
- /bin
- /etc
- \/home\/.*\/\.ssh\/authorized_keys
PCRE2 regexp format used above...
Thank in advance for your support.