
Provided by: aide_0.17.4-1_amd64

NAME

       aide - Advanced Intrusion Detection Environment

SYNOPSIS

       aide [parameters] command

DESCRIPTION

       AIDE is an intrusion detection system for checking the integrity of files.

COMMANDS

       --check, -C
              Checks  the  database for inconsistencies. You must have an initialized database to
              do this. This is also the default command. Without any command aide does a check.

       --init, -i
              Initialize the database. You  must  initialize  a  database  and  move  it  to  the
              appropriate  place  (see  database_in config option) before you can use the --check
              command.

       --dry-init, -n
              Traverse the file system, match each file against  the  rule  tree  and  report  to
              stdout.

              Neither reports nor the database are written in this mode.

              To  change  the  log  level  in  this  mode please use the --log-level command line
              parameter.

              In this mode aide exits with status 0.

       --update, -u
              Checks the database and updates the  database  non-interactively.   The  input  and
              output databases must be different.

       --compare, -E
              Compares two databases. They must be defined in the config file with database=<url>
              and database_new=<url>.

       --config-check, -D
              Stops after reading in the configuration file. Any errors  will  be  reported.   To
              change  the  log  level  in  this  mode  please  use  the  --log-level command line
              parameter.

       --path-check=file_type:path, -p file_type:path
              Read configuration and match provided file_type and path  against  rule  tree.  The
              path  is independent of what is in the actual file system and needs to be absolute.
              See RESTRICTED RULES section in aide.conf (5) for supported file types.

              To change the log level in this  mode  please  use  the  --log-level  command  line
              parameter.

              In  this mode aide exits with status 0 if the file would be added to the tree, 1 if
              not and 2 if the file does not match a specified limit.

PARAMETERS

       --config=configfile , -c configfile
              Configuration is read from  file  configfile  (see  --version  output  for  default
              value).  Use '-' for stdin.

       --limit=REGEX , -l REGEX
              Limit  command  to  entries matching REGEX. Note that the REGEX only matches at the
              first position.

              Example
                 Only check and  update  the  database  entries  matching  /etc  (i.e.  the  /etc
                 directory) while leaving all other entries unchecked and unchanged:

                    aide --update --limit /etc

       --before="configparameters" , -B "configparameters"
              These  configparameters  are  handled before the reading of the configuration file.
              See aide.conf (5) for more details on what to put here.

       --after="configparameters" , -A "configparameters"
              These configparameters are handled after the reading of the configuration file. See
              aide.conf (5) for more details on what to put here.

       --log-level=log_level, -Llog_level
              The log level to use (see aide.conf (5) for available log levels and more details).
              This overwrites the log_level value set in any configuration file.

       --verbose=verbosity_level, -Vverbosity_level
              Removed in AIDE v0.17, use log_level and report_level config options  instead  (see
              aide.conf (5) for details).

       --version, -v
              Prints out the aide version number.

       --help, -h
              Prints out the standard help message.

EXIT STATUS

       Normally, the exit status is 0 if no errors occurred. When the --check, --compare or
       --update command was requested, however, the exit status is defined as:

       1 * (new files reported?)     +
       2 * (removed files reported?) +
       4 * (changed files reported?)

       Since those three cases can occur together, the respective  error  codes  are  added.  For
       example,  if there are new files and removed files reported, the exit status will be 1 + 2
       = 3.

       Additionally, the following exit codes are defined for generic error conditions:

       14 Writing error

       15 Invalid argument error

       16 Unimplemented function error

       17 Configuration error

       18 IO error

       19 Version mismatch error

       20 EXEC error

       21 File lock error

SIGNAL HANDLING

       Please note that due to mmap issues, aide cannot be terminated with SIGTERM.  Use  SIGKILL
       to terminate.

       SIGUSR1 toggles the log_level between current and debug level.

NOTES

       The  checksums  in  the database and in the output are by default base64 encoded (see also
       report_base16 option).  To decode them you can use the following shell command:

       echo <encoded_checksum> | base64 -d | hexdump -v -e '32/1 "%02x" "\n"'

FILES

       See --version output  for  the  default  config  file  and  the  default  database_in  and
       database_out config values.

SEE ALSO

       aide.conf(5)

BUGS

       There    are    probably    bugs    in    this    release.    Please    report   them   at
       https://github.com/aide/aide/issues .

DISCLAIMER

       All trademarks are the property of their respective owners.  No animals were harmed  while
       making this webpage or this piece of software. Although some pizza delivery guy's feelings
       were hurt.