source-git / aide

Clone
Source Code
GIT

Blame doc/aide.1.in

c8 c8s master
  1.   5e8d2a71b5a56a29dd192172b0b661f83a859336
  2.   doc
  3.   aide.1.in
Blob History Raw
Packit Service 5e8d2a 
.TH AIDE 1 "Jul 25, 2016" "aide 0.16" "User Commands"
Packit Service 5e8d2a 
.SH NAME
Packit Service 5e8d2a 
\fBaide\fP \- Advanced Intrusion Detection Environment
Packit Service 5e8d2a 
.SH SYNOPSIS
Packit Service 5e8d2a 
\fBaide\fP
Packit Service 5e8d2a 
\%[\fBparameters\fP]
Packit Service 5e8d2a 
\%\fBcommand\fP
Packit Service 5e8d2a 
.SH DESCRIPTION
Packit Service 5e8d2a 
\fBAIDE\fP is an intrusion detection system for checking the integrity
Packit Service 5e8d2a 
of files.
Packit Service 5e8d2a
Packit Service 5e8d2a 
.SH COMMANDS
Packit Service 5e8d2a 
.PP
Packit Service 5e8d2a 
.IP "--check, -C"
Packit Service 5e8d2a 
Checks the database for inconsistencies. You must have an initialized
Packit Service 5e8d2a 
database to do this. This is also the default command. Without any
Packit Service 5e8d2a 
command \fBaide\fP does a check.
Packit Service 5e8d2a 
.IP "--init, -i"
Packit Service 5e8d2a 
Initialize the database. You must initialize a database and move it to
Packit Service 5e8d2a 
the appropriate place before you can use the \-\-check command.
Packit Service 5e8d2a 
.IP "--update, -u"
Packit Service 5e8d2a 
Checks the database and updates the database non-interactively.
Packit Service 5e8d2a 
The input and output databases must be different.
Packit Service 5e8d2a 
.IP "--compare, -E"
Packit Service 5e8d2a 
Compares two databases. They must be defined in config file with
Packit Service 5e8d2a 
database=<url> and database_new=<url>.
Packit Service 5e8d2a 
.IP "--config-check, -D"
Packit Service 5e8d2a 
Stops after reading in the configuration file. Any errors will be reported.
Packit Service 5e8d2a 
If \fBaide\fP was compiled with the \(dq\fB--with-dbhmackey\fR\(dq option,
Packit Service 5e8d2a 
a hash for the config file will be calculated. See the AIDE manual for more
Packit Service 5e8d2a 
information.
Packit Service 5e8d2a 
.SH PARAMETERS
Packit Service 5e8d2a 
.IP "--config=\fBconfigfile\fR , -c \fBconfigfile\fR"
Packit Service 5e8d2a 
Configuration is read from file \fBconfigfile\fR instead of "./aide.conf". Use '-' for stdin.
Packit Service 5e8d2a 
.IP "--limit=\fBREGEX\fR , -l \fBREGEX\fR"
Packit Service 5e8d2a 
Limit command to entries matching REGEX. Note that the REGEX only matches
Packit Service 5e8d2a 
at the first position.
Packit Service 5e8d2a
Packit Service 5e8d2a 
.RS
Packit Service 5e8d2a 
.B Example
Packit Service 5e8d2a 
.RS 3
Packit Service 5e8d2a 
Only check and update the database entries matching /etc (i.e. the /etc
Packit Service 5e8d2a 
directory) while leaving all other entries unchecked and unchanged:
Packit Service 5e8d2a
Packit Service 5e8d2a 
.RS 3
Packit Service 5e8d2a 
.nf
Packit Service 5e8d2a 
aide --update --limit /etc
Packit Service 5e8d2a 
.fi
Packit Service 5e8d2a 
.RE
Packit Service 5e8d2a 
.RE
Packit Service 5e8d2a 
.RE
Packit Service 5e8d2a
Packit Service 5e8d2a 
.IP "--before=\(dq\fBconfigparameters\fR\(dq , -B \(dq\fBconfigparameters\fR\(dq"
Packit Service 5e8d2a 
These \fBconfigparameters\fR are handled before the reading of the
Packit Service 5e8d2a 
configuration file. See aide.conf (5) for more details on what to put
Packit Service 5e8d2a 
here.
Packit Service 5e8d2a 
.IP "--after=\(dq\fBconfigparameters\fR\(dq , -A \(dq\fBconfigparameters\fR\(dq"
Packit Service 5e8d2a 
These \fBconfigparameters\fR are handled after the reading of the
Packit Service 5e8d2a 
configuration file. See aide.conf (5) for more details on what to put
Packit Service 5e8d2a 
here.
Packit Service 5e8d2a 
.IP --verbose=\fBverbosity_level\fR,-V\fBverbosity_level\fR
Packit Service 5e8d2a 
Controls how verbose \fBaide\fP is. Value must [0-255]. The default is
Packit Service 5e8d2a 
5. With no argument Value is set to 20. This parameter overrides the
Packit Service 5e8d2a 
value set in a configuration file.
Packit Service 5e8d2a 
.IP "--report=\fBreporter\fR,-r \fBreporter\fR"
Packit Service 5e8d2a 
\fBreporter\fR is a URL which tells \fBaide\fP where to send it's
Packit Service 5e8d2a 
output. See aide.conf (5) section URLS for available values.
Packit Service 5e8d2a 
.IP "--version,-v"
Packit Service 5e8d2a 
\fBaide\fP prints out its version number
Packit Service 5e8d2a 
.IP "--help,-h"
Packit Service 5e8d2a 
Prints out the standard help message.
Packit Service 5e8d2a 
.PP
Packit Service 5e8d2a 
.SH DIAGNOSTICS
Packit Service 5e8d2a 
Normally, the exit status is 0 if no errors occurred. Except when the
Packit Service 5e8d2a 
.BR --check ,
Packit Service 5e8d2a 
.BR --compare " or"
Packit Service 5e8d2a 
.B --update
Packit Service 5e8d2a 
command was requested, in which case the exit status is defined as:
Packit Service 5e8d2a 
.IP "1 * (new files detected?)     +"
Packit Service 5e8d2a 
.IP "2 * (removed files detected?) +"
Packit Service 5e8d2a 
.IP "4 * (changed files detected?)"
Packit Service 5e8d2a 
.PP
Packit Service 5e8d2a 
Additionally, the following exit codes are defined for generic error
Packit Service 5e8d2a 
conditions:
Packit Service 5e8d2a 
.IP "14 Error writing error"
Packit Service 5e8d2a 
.IP "15 Invalid argument error"
Packit Service 5e8d2a 
.IP "16 Unimplemented function error"
Packit Service 5e8d2a 
.IP "17 Invalid configureline error"
Packit Service 5e8d2a 
.IP "18 IO error"
Packit Service 5e8d2a 
.IP "19 Version mismatch error"
Packit Service 5e8d2a 
.PP
Packit Service 5e8d2a 
.SH NOTES
Packit Service 5e8d2a 
Please note that due to mmap issues, aide cannot be terminated with
Packit Service 5e8d2a 
SIGTERM. Use SIGKILL to terminate.
Packit Service 5e8d2a
Packit Service 5e8d2a 
The checksums in the database and in the output are by default base64
Packit Service 5e8d2a 
encoded (see also report_base16 option).
Packit Service 5e8d2a 
To decode them you can use the following shell command:
Packit Service 5e8d2a
Packit Service 5e8d2a 
echo <encoded_checksum> | base64 \-d | hexdump \-v \-e '32/1 "%02x" "\\n"'
Packit Service 5e8d2a
Packit Service 5e8d2a 
.PP
Packit Service 5e8d2a 
.SH FILES
Packit Service 5e8d2a 
.IP \fB@sysconfdir@/aide.conf\fR
Packit Service 5e8d2a 
Default aide configuration file.
Packit Service 5e8d2a 
.IP \fB@sysconfdir@/aide.db\fR
Packit Service 5e8d2a 
Default aide database.
Packit Service 5e8d2a 
.IP \fB@sysconfdir@/aide.db.new\fR
Packit Service 5e8d2a 
Default aide output database.
Packit Service 5e8d2a 
.SH SEE ALSO
Packit Service 5e8d2a 
.BR aide.conf (5)
Packit Service 5e8d2a 
.BR manual.html
Packit Service 5e8d2a 
.SH BUGS
Packit Service 5e8d2a 
There are probably bugs in this release. Please report them
Packit Service 5e8d2a 
at http://sourceforge.net/projects/aide . Bug fixes are more than welcome.
Packit Service 5e8d2a 
Unified diffs are preferred.
Packit Service 5e8d2a 
.SH DISCLAIMER
Packit Service 5e8d2a 
All trademarks are the property of their respective owners.
Packit Service 5e8d2a 
No animals were harmed while making this webpage or this piece of
Packit Service 5e8d2a 
software. Although some pizza delivery guy's feelings were hurt.
Packit Service 5e8d2a 
.BR

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation