diff --git a/aide.conf b/aide.conf
index 0ec4c0c..56ba1da 100644
--- a/aide.conf
+++ b/aide.conf
@@ -126,7 +126,7 @@ CONTENT = ftype+sha512
 DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs
 
 # Access control only - added file type and link name
-PERMS = ftype+p+i+l+u+g+acl+selinux
+PERMS = ftype+p+u+g+acl+selinux+xattrs
 
 # Logfiles are special, in that they often change due to log rotation
 # Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes
@@ -159,7 +159,6 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
 
 # Check only permissions, inode, user and group for /etc, but
 # cover some important files closely.
-/etc    PERMS
 !/etc/mtab
 # Ignore backup files
 !/etc/.*~
@@ -352,6 +351,9 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
 # USBGuard
 /etc/usbguard NORMAL
 
+# Now everything else
+/etc    PERMS
+
 # This gets new/removes-old filenames daily
 !/var/log/sa
 # As we are checking it, we've truncated yesterdays size to zero.