aide - Advanced Intrusion Detection Environment
aide [parameters] command
AIDE is an intrusion detection system for checking the integrity of
files.
- --check, -C
- Checks the database for inconsistencies. You must have an initialized
database to do this. This is also the default command. Without any command
aide does a check.
- --init, -i
- Initialize the database. You must initialize a database and move it to the
appropriate place (see database_in config option) before you can
use the --check command.
- --dry-init, -n
- Traverse the file system, match each file against the rule tree and report
to stdout.
Neither reports nor the database are written in this mode.
To change the log level in this mode please use the
--log-level command line parameter.
In this mode aide exits with status 0.
- --update, -u
- Checks the database and updates the database non-interactively. The input
and output databases must be different.
- --compare, -E
- Compares two databases. They must be defined in the config file with
database=<url> and database_new=<url>.
- --config-check, -D
- Stops after reading in the configuration file. Any errors will be
reported. To change the log level in this mode please use the
--log-level command line parameter.
- --path-check=file_type:path, -p file_type:path
- Read configuration and match provided file_type and path against rule
tree. The path is independent of what is in the actual file system and
needs to be absolute. See RESTRICTED RULES section in aide.conf (5) for
supported file types.
To change the log level in this mode please use the
--log-level command line parameter.
In this mode aide exits with status 0 if the file would be
added to the tree, 1 if not and 2 if the file does not match a specified
limit.
- --config=configfile, -c configfile
- Configuration is read from file configfile (see --version
output for default value). Use '-' for stdin.
- --limit=REGEX, -l REGEX
- Limit command to entries matching REGEX. Note that the REGEX only matches
at the first position.
Example
Only check and update the database entries matching /etc
(i.e. the /etc directory) while leaving all other entries unchecked and
unchanged:
aide --update --limit /etc
- --before="configparameters", -B "configparameters"
- These configparameters are handled before the reading of the
configuration file. See aide.conf (5) for more details on what to put
here.
- --after="configparameters", -A "configparameters"
- These configparameters are handled after the reading of the
configuration file. See aide.conf (5) for more details on what to put
here.
- --log-level=log_level, -Llog_level
- The log level to use (see aide.conf (5) for available log levels and more
details). This overwrites the log_level value set in any configuration
file.
- --verbose=verbosity_level, -Vverbosity_level
- Removed in AIDE v0.17, use log_level and report_level config
options instead (see aide.conf (5) for details).
- --version, -v
- aide prints out its version number.
- --help, -h
- Prints out the standard help message.
Normally, the exit status is 0 if no errors occurred, except when the
--check, --compare or --update command was requested, in
which case the exit status is defined as:
- 1 * (new files reported?) +
- 2 * (removed files reported?) +
- 4 * (changed files reported?)
Since those three cases can occur together, the respective error
codes are added. For example, if there are new files and removed files
reported, the exit status will be 1 + 2 = 3.
Additionally, the following exit codes are defined for generic
error conditions:
- 14 Writing error
- 15 Invalid argument error
- 16 Unimplemented function error
- 17 Configuration error
- 18 IO error
- 19 Version mismatch error
- 20 EXEC error
- 21 File lock error
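The following shell function is an added example, not part of the AIDE distribution. It decodes an exit status using the values listed above, so that a scheduled check can tell reported changes apart from a failed run. The function names aide_classify and aide_check_and_classify and the output wording are assumptions of this example.

```shell
#!/bin/sh
# Added example (not AIDE's own code): classify an AIDE exit status.
# aide_classify STATUS prints one line and returns
#   0 = clean, 1 = changes reported, 2 = error or undocumented status.
aide_classify() {
    status=$1
    case "$status" in
        ''|*[!0-9]*) echo "error: non-numeric status"; return 2 ;;
    esac
    if [ "$status" -eq 0 ]; then
        echo "clean"
        return 0
    fi
    # 1..7 is the sum of the new (1), removed (2) and changed (4) flags.
    if [ "$status" -ge 1 ] && [ "$status" -le 7 ]; then
        findings=""
        if [ $((status & 1)) -ne 0 ]; then findings="${findings}new,"; fi
        if [ $((status & 2)) -ne 0 ]; then findings="${findings}removed,"; fi
        if [ $((status & 4)) -ne 0 ]; then findings="${findings}changed,"; fi
        echo "changes: ${findings%,}"
        return 1
    fi
    # Generic error conditions; anything else is not documented on this page.
    case "$status" in
        14) msg="writing error" ;;
        15) msg="invalid argument error" ;;
        16) msg="unimplemented function error" ;;
        17) msg="configuration error" ;;
        18) msg="IO error" ;;
        19) msg="version mismatch error" ;;
        20) msg="EXEC error" ;;
        21) msg="file lock error" ;;
        *)  msg="undocumented status $status" ;;
    esac
    echo "error: $msg"
    return 2
}

# Run a check and classify the result. Requires aide and an initialized
# database; extra arguments (e.g. --config=...) are passed through.
aide_check_and_classify() {
    rc=0
    aide --check "$@" || rc=$?
    aide_classify "$rc"
}
```

Treating return value 2 as an alert in its own right keeps a broken configuration or unreadable database from being mistaken for a clean check.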
Please note that due to mmap issues, aide cannot be terminated with SIGTERM. Use
SIGKILL to terminate.
SIGUSR1 toggles the log_level between current and debug level.
The checksums in the database and in the output are by default base64 encoded
(see also report_base16 option). To decode them you can use the following
shell command:
echo <encoded_checksum> | base64 -d | hexdump -v -e '32/1 "%02x" "\n"'
See --version output for the default config file and the default
database_in and database_out config values.
There are probably bugs in this release. Please report them at
https://github.com/aide/aide/issues .
All trademarks are the property of their respective owners. No animals were
harmed while making this webpage or this piece of software. Although some
pizza delivery guy's feelings were hurt.