diff --git a/defaults/main.yml b/defaults/main.yml
index 0f22e0fa..703bc441 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -39,6 +39,7 @@ security_package_state: "latest"
 security_aide_exclude_dirs:
 - /openstack
 - /opt
+ - /run
 - /var
 #
 # By default, the AIDE database won't be initialized immediately since it can
diff --git a/releasenotes/notes/aide-exclude-run-4d3c97a2d08eb373.yaml b/releasenotes/notes/aide-exclude-run-4d3c97a2d08eb373.yaml
new file mode 100644
index 00000000..0674f351
--- /dev/null
+++ b/releasenotes/notes/aide-exclude-run-4d3c97a2d08eb373.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ The ``/run`` directory is excluded from AIDE checks since the files and
+ directories there are only temporary and often change when services
+ start and stop.
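Review bot: The `- /run` entry added to `security_aide_exclude_dirs` in defaults/main.yml takes the whole directory out of integrity monitoring with no comment in the defaults file saying why; the reason is given only in the release note. A line above the entry such as `# /run holds temporary runtime files that change when services start and stop` would keep the rationale next to the setting, so a deployer overriding the list knows what coverage is being given up. The template that renders these entries into AIDE rules is not part of this diff; if it emits a bare `!/run`, AIDE matches that as a regular expression anchored only at the start of the path, so any other path beginning with `/run` would be skipped too, and the rendered rule is worth checking. The list and its explanatory comment block extend beyond the hunk.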