From 2c728393b96d81ceebb632676aa6eb21e1b962b0 Mon Sep 17 00:00:00 2001
From: Vincent Shen
Date: Wed, 29 May 2024 09:43:27 -0700
Subject: [PATCH] OCPBUGS-31257: Exclude additional files in default aide conf We are going to exlucde following in the default aide conf: !/hostroot/etc/cni/multus/certs for the OVN-Kubernetes CNI !/hostroot/etc/kubernetes/compliance-operator for the Compliance Operator check runtime kubeletconfig !/hostroot/etc/kubernetes/node-feature-discovery for the Node Feature Discovery Operator
---
 pkg/controller/fileintegrity/config_defaults.go | 3 +++
 tests/e2e/helpers.go | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/pkg/controller/fileintegrity/config_defaults.go b/pkg/controller/fileintegrity/config_defaults.go
index 889a98f7..fc8d8767 100644
--- a/pkg/controller/fileintegrity/config_defaults.go
+++ b/pkg/controller/fileintegrity/config_defaults.go
@@ -52,6 +52,9 @@ CONTENT_EX = sha512+ftype+p+u+g+n+acl+selinux+xattrs
 !/hostroot/etc/machine-config-daemon/node-annotation.json*
 !/hostroot/etc/pki/ca-trust/extracted/java/cacerts$
 !/hostroot/etc/cvo/updatepayloads
+!/hostroot/etc/cni/multus/certs
+!/hostroot/etc/kubernetes/compliance-operator
+!/hostroot/etc/kubernetes/node-feature-discovery
 # Catch everything else in /etc
 /hostroot/etc/ CONTENT_EX`
diff --git a/tests/e2e/helpers.go b/tests/e2e/helpers.go
index 328d0397..76ffbd4f 100644
--- a/tests/e2e/helpers.go
+++ b/tests/e2e/helpers.go
@@ -130,6 +130,9 @@ CONTENT_EX = sha512+ftype+p+u+g+n+acl+selinux+xattrs
 !/hostroot/etc/machine-config-daemon/currentconfig$
 !/hostroot/etc/pki/ca-trust/extracted/java/cacerts$
 !/hostroot/etc/cvo/updatepayloads
+!/hostroot/etc/cni/multus/certs
+!/hostroot/etc/kubernetes/compliance-operator
+!/hostroot/etc/kubernetes/node-feature-discovery
 # Catch everything else in /etc
 /hostroot/etc/ CONTENT_EX`
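Review bot: The three exclusions added to the default AIDE config in config_defaults.go are bare prefixes, so each one removes more than the named directory from integrity checking. AIDE rule lines are regular expressions anchored only at the start, so `!/hostroot/etc/cni/multus/certs` would also skip a sibling such as a `certs.bak` directory (constructed example), and the same holds for the two `/hostroot/etc/kubernetes/...` entries; the neighbouring `cacerts$` rule shows the file already uses an end anchor where one path is meant. Consider ending each rule at a path boundary, e.g. `!/hostroot/etc/cni/multus/certs(/|$)`, after confirming the regex dialect of the AIDE build the operator ships. The same three lines are added to the test copy in tests/e2e/helpers.go, and the Go raw string that holds the config starts outside the hunk. Because these paths stop being monitored on every node, a comment line above them such as `# Excluded for OVN-Kubernetes CNI, Compliance Operator and Node Feature Discovery (OCPBUGS-31257)` would keep the rationale next to the rules rather than only in the commit message.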
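Review bot: The fixture in tests/e2e/helpers.go is a hand-maintained copy of the default AIDE config, and this hunk has to repeat the same three lines to keep it in step. The leading context here (`currentconfig$`) differs from the one in config_defaults.go (`node-annotation.json*`), which suggests the two lists may already differ, though both strings start outside the hunks. If the e2e package can import the default from pkg/controller/fileintegrity, building the fixture from it would remove the duplicate; otherwise a comment above the constant such as `// Keep in sync with the default AIDE config in pkg/controller/fileintegrity/config_defaults.go` would help. No test visible in this patch checks that a change under a newly excluded path is ignored while a change to a sibling path under /hostroot/etc still fails the integrity check.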