Adjust default config to avoid false positives in /etc

Resolves: RHEL-39970

aide.conf

@@ -126,7 +126,7 @@ CONTENT = ftype+sha512
 DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs
 
 # Access control only - added file type and link name
-PERMS = ftype+p+i+l+u+g+acl+selinux
+PERMS = ftype+p+u+g+acl+selinux+xattrs
 
 # Logfiles are special, in that they often change due to log rotation
 # Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes
@@ -159,7 +159,6 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
 
 # Check only permissions, inode, user and group for /etc, but
 # cover some important files closely.
-/etc    PERMS
 !/etc/mtab
 # Ignore backup files
 !/etc/.*~
@@ -352,6 +351,9 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
 # USBGuard
 /etc/usbguard NORMAL
 
+# Now everything else
+/etc    PERMS
+
 # This gets new/removes-old filenames daily
 !/var/log/sa
 # As we are checking it, we've truncated yesterdays size to zero.

aide.spec

@@ -1,7 +1,7 @@
 Summary:        Intrusion detection environment
 Name:           aide
 Version:        0.19.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 URL:            https://github.com/aide/aide
 License:        GPL-2.0-or-later
 Source0:        %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
@@ -79,6 +79,10 @@ install -Dpm0644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/aide.conf
 %{_tmpfilesdir}/aide.conf
 
 %changelog
+* Wed Oct 15 2025 Attila Lakatos <alakatos@redhat.com> - 0.19.2-4
+- Adjust default config to avoid false positives in /etc
+Resolves: RHEL-39970
+
 * Thu Oct 09 2025 Attila Lakatos <alakatos@redhat.com> - 0.19.2-3
 - /boot/grub2/grubenv is excluded from check due to boot_success implementation
 - Do not monitor link count in /var/log/journal