File: aide.1.in

package info (click to toggle)
aide 0.16.1-1
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid
  • size: 3,012 kB
  • sloc: ansic: 10,362; sh: 6,395; lex: 675; yacc: 324; makefile: 93
file content (127 lines) | stat: -rw-r--r-- 4,503 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
.TH AIDE 1 "Feb 25, 2019" "aide v0.16.1" "User Commands"
.SH NAME
\fBaide\fP \- Advanced Intrusion Detection Environment
.SH SYNOPSIS
\fBaide\fP
\%[\fBparameters\fP]
\%\fBcommand\fP
.SH DESCRIPTION
\fBAIDE\fP is an intrusion detection system for checking the integrity
of files.

.SH COMMANDS
.PP
.IP "--check, -C"
Checks the database for inconsistencies. You must have an initialized
database to do this. This is also the default command. Without any
command \fBaide\fP does a check.
.IP "--init, -i"
Initialize the database. You must initialize a database and move it to
the appropriate place before you can use the \-\-check command.
.IP "--update, -u"
Checks the database and updates the database non-interactively.
The input and output databases must be different.
.IP "--compare, -E"
Compares two databases. They must be defined in config file with
database=<url> and database_new=<url>.
.IP "--config-check, -D"
Stops after reading in the configuration file. Any errors will be reported.
If \fBaide\fP was compiled with the \(dq\fB--with-dbhmackey\fR\(dq option,
a hash for the config file will be calculated. See the AIDE manual for more
information.
.SH PARAMETERS
.IP "--config=\fBconfigfile\fR , -c \fBconfigfile\fR"
Configuration is read from file \fBconfigfile\fR instead of "./aide.conf". Use '-' for stdin.
.IP "--limit=\fBREGEX\fR , -l \fBREGEX\fR"
Limit command to entries matching REGEX. Note that the REGEX only matches
at the first position.

.RS
.B Example
.RS 3
Only check and update the database entries matching /etc (i.e. the /etc
directory) while leaving all other entries unchecked and unchanged:

.RS 3
.nf
aide --update --limit /etc
.fi
.RE
.RE
.RE

.IP "--before=\(dq\fBconfigparameters\fR\(dq , -B \(dq\fBconfigparameters\fR\(dq"
These \fBconfigparameters\fR are handled before the reading of the
configuration file. See aide.conf (5) for more details on what to put
here.
.IP "--after=\(dq\fBconfigparameters\fR\(dq , -A \(dq\fBconfigparameters\fR\(dq"
These \fBconfigparameters\fR are handled after the reading of the
configuration file. See aide.conf (5) for more details on what to put
here.
.IP --verbose=\fBverbosity_level\fR,-V\fBverbosity_level\fR
Controls how verbose \fBaide\fP is. Value must [0-255]. The default is
5. With no argument Value is set to 20. This parameter overrides the
value set in a configuration file.
.IP "--report=\fBreporter\fR,-r \fBreporter\fR"
\fBreporter\fR is a URL which tells \fBaide\fP where to send it's
output. See aide.conf (5) section URLS for available values.
.IP "--version,-v"
\fBaide\fP prints out its version number
.IP "--help,-h"
Prints out the standard help message.
.PP
.SH DIAGNOSTICS
Normally, the exit status is 0 if no errors occurred. Except when the
.BR --check ,
.BR --compare " or"
.B --update
command was requested, in which case the exit status is defined as:
.IP "1 * (new files detected?)     +"
.IP "2 * (removed files detected?) +"
.IP "4 * (changed files detected?)"
.PP
Since those three cases can occur together, the respective error codes
are added. For example, if there are new files and removed files detected,
the exit status will be 1 + 2 = 3.
.PP
Additionally, the following exit codes are defined for generic error
conditions:
.IP "14 Error writing error"
.IP "15 Invalid argument error"
.IP "16 Unimplemented function error"
.IP "17 Invalid configureline error"
.IP "18 IO error"
.IP "19 Version mismatch error"
.PP
.SH NOTES
Please note that due to mmap issues, aide cannot be terminated with
SIGTERM. Use SIGKILL to terminate.

The checksums in the database and in the output are by default base64
encoded (see also report_base16 option).
To decode them you can use the following shell command:

echo <encoded_checksum> | base64 \-d | hexdump \-v \-e '32/1 "%02x" "\\n"'

.PP
.SH FILES
.IP \fB/etc/aide/aide.conf\fR
Default aide configuration file.
.IP \fB/etc/aide/aide.conf.d\fR
Config snippets which are automatically concatenated to the
configuration file by update-aide.conf. This is a Debian extension.
.IP \fBaide.db\fR
Default aide database.
.IP \fBaide.db.new\fR
Default aide output database.
.SH SEE ALSO
.BR aide.conf (5)
.BR manual.html
.SH BUGS
There are probably bugs in this release. Please report them at
https://github.com/aide/aide/issues and to the Debian BTS.
.SH DISCLAIMER
All trademarks are the property of their respective owners.
No animals were harmed while making this webpage or this piece of
software. Although some pizza delivery guy's feelings were hurt.
.BR