Add explanatory comment for /boot/grub2/grubenv exclusion

Document why /boot/grub2/grubenv is excluded from AIDE monitoring.  The
file's timestamp gets modified continuously due to the "boot_success"
implementation, which would cause unnecessary noise in security
monitoring reports.
Do not monitor link count in /var/log/journal

Resolves: RHEL-39970

aide.conf

@@ -246,8 +246,9 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
 
 # Log directory
 /var/log LOG
-# Journal files - exclude xattrs due to systemd journal's user.crtime_usec extended attribute changes
-/var/log/journal LOG-xattrs
+# Journal files - exclude xattrs and link count due to systemd journal's user.crtime_usec extended attribute changes and new directory creation
+/var/log/journal LOG-xattrs-n
+
 
 /var/run/utmp LOG
 
@@ -363,4 +364,6 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
 #=/home           DIR
 
 # Ditto /var/log/sa reason...
-!/var/log/httpd
+!/var/log/httpd
+# /boot/grub2/grubenv's timestamp is getting modified continuously due to "boot_success" implementation
+!/boot/grub2/grubenv

aide.spec

@@ -1,7 +1,7 @@
 Summary:        Intrusion detection environment
 Name:           aide
 Version:        0.19.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 URL:            https://github.com/aide/aide
 License:        GPL-2.0-or-later
 Source0:        %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
@@ -79,6 +79,11 @@ install -Dpm0644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/aide.conf
 %{_tmpfilesdir}/aide.conf
 
 %changelog
+* Thu Oct 09 2025 Attila Lakatos <alakatos@redhat.com> - 0.19.2-3
+- /boot/grub2/grubenv is excluded from check due to boot_success implementation
+- Do not monitor link count in /var/log/journal
+Resolves: RHEL-39970
+
 * Thu Sep 25 2025 Attila Lakatos <alakatos@redhat.com> - 0.19.2-2
 - Modernize aide config file
 Resolves: RHEL-39970