Exclude /run from AIDE checks

The /run directory contains items that change frequently and often change when services start/stop or the system reboots. This patch excludes the /run directory from AIDE checks. Closes-bug: 1617343 Change-Id: Ic915d4821c8a90c613c5822c6d54c2f7ab54da16
2016-08-26 09:17:18 -05:00 · 2016-08-26 09:17:18 -05:00 · 129e629254
commit 129e629254
parent 77a30e0023
2 changed files with 7 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -39,6 +39,7 @@ security_package_state: "latest"
 security_aide_exclude_dirs:
  - /openstack
  - /opt
+  - /run
  - /var
 #
 # By default, the AIDE database won't be initialized immediately since it can
--- a/releasenotes/notes/aide-exclude-run-4d3c97a2d08eb373.yaml
+++ b/releasenotes/notes/aide-exclude-run-4d3c97a2d08eb373.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    The ``/run`` directory is excluded from AIDE checks since the files and
+    directories there are only temporary and often change when services
+    start and stop.