Provided by: aide-xen_0.16-3ubuntu0.1_amd64 
NAME
aide - Advanced Intrusion Detection Environment
SYNOPSIS
aide [parameters] command
DESCRIPTION
AIDE is an intrusion detection system for checking the integrity of files.
COMMANDS
--check, -C
Checks the database for inconsistencies. You must have an initialized database to do this. This is
also the default command. Without any command aide does a check.
--init, -i
Initialize the database. You must initialize a database and move it to the appropriate place
before you can use the --check command.
--update, -u
Checks the database and updates the database non-interactively. The input and output databases
must be different.
--compare, -E
Compares two databases. They must be defined in config file with database=<url> and
database_new=<url>.
--config-check, -D
Stops after reading in the configuration file. Any errors will be reported. If aide was compiled
with the "--with-dbhmackey" option, a hash for the config file will be calculated. See the AIDE
manual for more information.
PARAMETERS
--config=configfile , -c configfile
Configuration is read from file configfile instead of "./aide.conf". Use '-' for stdin.
--limit=REGEX , -l REGEX
Limit command to entries matching REGEX. Note that the REGEX only matches at the first position.
Example
Only check and update the database entries matching /etc (i.e. the /etc directory) while
leaving all other entries unchecked and unchanged:
aide --update --limit /etc
--before="configparameters" , -B "configparameters"
These configparameters are handled before the reading of the configuration file. See aide.conf (5)
for more details on what to put here.
--after="configparameters" , -A "configparameters"
These configparameters are handled after the reading of the configuration file. See aide.conf (5)
for more details on what to put here.
--verbose=verbosity_level,-Vverbosity_level
Controls how verbose aide is. Value must [0-255]. The default is 5. With no argument Value is set
to 20. This parameter overrides the value set in a configuration file.
--report=reporter,-r reporter
reporter is a URL which tells aide where to send it's output. See aide.conf (5) section URLS for
available values.
--version,-v
aide prints out its version number
--help,-h
Prints out the standard help message.
DIAGNOSTICS
Normally, the exit status is 0 if no errors occurred. Except when the --check, --compare or --update
command was requested, in which case the exit status is defined as:
1 * (new files detected?) +
2 * (removed files detected?) +
4 * (changed files detected?)
Additionally, the following exit codes are defined for generic error conditions:
14 Error writing error
15 Invalid argument error
16 Unimplemented function error
17 Invalid configureline error
18 IO error
19 Version mismatch error
NOTES
Please note that due to mmap issues, aide cannot be terminated with SIGTERM. Use SIGKILL to terminate.
The checksums in the database and in the output are by default base64 encoded (see also report_base16
option). To decode them you can use the following shell command:
echo <encoded_checksum> | base64 -d | hexdump -v -e '32/1 "%02x" "\n"'
FILES
/etc/aide/aide.conf
Default aide configuration file.
/etc/aide/aide.conf.d
Config snippets which are automatically concatenated to the configuration file by update-
aide.conf. This is a Debian extension.
aide.db
Default aide database.
aide.db.new
Default aide output database.
SEE ALSO
aide.conf(5) manual.html
BUGS
There are probably bugs in this release. Please report them at http://sourceforge.net/projects/aide and to the Debian BTS. Bug fixes are more than welcome. Unified diffs are preferred.
DISCLAIMER
All trademarks are the property of their respective owners. No animals were harmed while making this
webpage or this piece of software. Although some pizza delivery guy's feelings were hurt.