aide(1) | General Commands Manual | aide(1) |
NAME
aide - Advanced Intrusion Detection Environment
SYNOPSIS
aide [parameters] command
DESCRIPTION
aide is an intrusion detection system for checking the integrity of files.
COMMANDS
- --check, -C
- Checks the database for inconsistencies. You must have an initialized database to do this. This is also the default command. Without any command aide does a check.
- --init, -i
- Initialize the database. You must initialize a database and move it to the appropriate place before you can use the --check command.
- --update, -u
- Checks the database and updates the database non-interactively. The input and output databases must be different.
- --compare, -E
- Compares two databases. They must be defined in configfile with database=<url> and database_new=<url>.
- --config-check, -D
- Stops after reading in the configuration file. Any errors will be reported. If aide was compiled with the "--with-dbhmackey" option, a hash for the config file will be calculated. See the aide manual for more information.
PARAMETERS
- --config=configfile , -c configfile
- Configuration is read from file configfile instead of "./aide.conf". Use '-' for stdin.
- --before="configparameters" , -B "configparameters"
- These configparameters are handled before the reading of the configuration file. See aide.conf(5) for more details on what to put here.
- --after="configparameters" , -A "configparameters"
- These configparameters are handled after the reading of the configuration file. See aide.conf(5) for more details on what to put here.
- --verbose=verbosity_level,-Vverbosity_level
- Controls how verbose aide is. The value must be in the range [0-255]. The default is 5. With no argument, the value is set to 20. This parameter overrides the value set in a configuration file.
- --report=reporter,-r reporter
- reporter is a URL which tells aide where to send its output. See aide.conf(5) section URLS for available values.
- --version,-v
- Prints out the aide version number.
- --help,-h
- Prints out the standard help message.
DIAGNOSTICS
Normally, the exit status is 0 if no errors occurred, except when the --check, --compare or --update command was requested, in which case the exit status is defined as:
- 1 * (new files detected?) +
- 2 * (removed files detected?) +
- 4 * (changed files detected?)
Additionally, the following exit codes are defined for generic error conditions:
- 14 Error writing error
- 15 Invalid argument error
- 16 Unimplemented function error
- 17 Invalid configureline error
- 18 IO error
- 19 Version mismatch error
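The exit status scheme above, decoded in a wrapper so that a failed or killed check is never mistaken for a clean one. This is an added example, not part of the aide distribution; the function name decode_aide_status, its 0/1/2 return convention and the sample statuses are assumptions of the example.

```shell
#!/bin/sh
# Added example: decode the exit status of "aide --check" as listed under DIAGNOSTICS.
# decode_aide_status is a hypothetical helper; its return values
# (0 = clean, 1 = differences found, 2 = error) are this example's own convention.
# Typical use: aide --check --config=/etc/aide/aide.conf; decode_aide_status $?
decode_aide_status() {
    status=$1
    case $status in
        ''|*[!0-9]*) echo "not a numeric exit status: $status"; return 2 ;;
        0)  echo "no differences"; return 0 ;;
        14) echo "error: Error writing error"; return 2 ;;
        15) echo "error: Invalid argument error"; return 2 ;;
        16) echo "error: Unimplemented function error"; return 2 ;;
        17) echo "error: Invalid configureline error"; return 2 ;;
        18) echo "error: IO error"; return 2 ;;
        19) echo "error: Version mismatch error"; return 2 ;;
    esac
    # 1..7 is the sum 1*new + 2*removed + 4*changed, so test each bit.
    if [ "$status" -le 7 ]; then
        findings=""
        [ $((status & 1)) -ne 0 ] && findings="$findings new"
        [ $((status & 2)) -ne 0 ] && findings="$findings removed"
        [ $((status & 4)) -ne 0 ] && findings="$findings changed"
        echo "differences:$findings"
        return 1
    fi
    # Assumption: the caller is a POSIX shell, which reports death by
    # signal N as 128+N, so a SIGKILL (see NOTES) appears as 137.
    if [ "$status" -gt 128 ]; then
        echo "terminated by signal $((status - 128))"
        return 2
    fi
    echo "unexpected exit status $status"
    return 2
}

# Constructed sample statuses, not captured from a real aide run.
for s in 0 5 7 18 137; do
    printf '%3s -> ' "$s"
    decode_aide_status "$s" || true
done
```

A monitoring job should alert on return value 2 as well as 1, since an aborted check gives no assurance about file integrity.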
NOTES
Please note that due to mmap issues, aide cannot be terminated with SIGTERM. Use SIGKILL to terminate.
FILES
- /etc/aide/aide.conf
- Default aide configuration file.
- /etc/aide/aide.conf.d
- Config snippets which are automatically concatenated to the configuration file by update-aide.conf. This is a Debian extension.
- aide.db
- Default aide database.
- aide.db.new
- Default aide output database.