1AIDE(1) User Commands AIDE(1)
2
3
4
6 aide - Advanced Intrusion Detection Environment
7
9 aide [parameters] command
10
12 AIDE is an intrusion detection system for checking the integrity of
13 files.
14
15
17 --check, -C
18 Checks the database for inconsistencies. You must have an ini‐
19 tialized database to do this. This is also the default command.
20 Without any command aide does a check.
21
22 --init, -i
23 Initialize the database. You must initialize a database and move
24 it to the appropriate place before you can use the --check com‐
25 mand.
26
27 --update, -u
28 Checks the database and updates the database non-interactively.
29 The input and output databases must be different.
30
31 --compare, -E
32 Compares two databases. They must be defined in config file with
33 database=<url> and database_new=<url>.
34
35 --config-check, -D
36 Stops after reading in the configuration file. Any errors will
37 be reported. If aide was compiled with the "--with-dbhmackey"
38 option, a hash for the config file will be calculated. See the
39 AIDE manual for more information.
40
42 --config=configfile , -c configfile
43 Configuration is read from file configfile instead of
44 "./aide.conf". Use '-' for stdin.
45
46 --limit=REGEX , -l REGEX
47 Limit command to entries matching REGEX. Note that the REGEX
48 only matches at the first position.
49
50 Example
51 Only check and update the database entries matching /etc
52 (i.e. the /etc directory) while leaving all other entries
53 unchecked and unchanged:
54
55 aide --update --limit /etc
56
57
58 --before="configparameters" , -B "configparameters"
59 These configparameters are handled before the reading of the
60 configuration file. See aide.conf (5) for more details on what
61 to put here.
62
63 --after="configparameters" , -A "configparameters"
64 These configparameters are handled after the reading of the con‐
65 figuration file. See aide.conf (5) for more details on what to
66 put here.
67
68 --verbose=verbosity_level,-Vverbosity_level
69 Controls how verbose aide is. Value must [0-255]. The default is
70 5. With no argument Value is set to 20. This parameter overrides
71 the value set in a configuration file.
72
73 --report=reporter,-r reporter
74 reporter is a URL which tells aide where to send it's output.
75 See aide.conf (5) section URLS for available values.
76
77 --version,-v
78 aide prints out its version number
79
80 --help,-h
81 Prints out the standard help message.
82
84 Normally, the exit status is 0 if no errors occurred. Except when the
85 --check, --compare or --update command was requested, in which case the
86 exit status is defined as:
87
88 1 * (new files detected?) +
89
90 2 * (removed files detected?) +
91
92 4 * (changed files detected?)
93
94 Additionally, the following exit codes are defined for generic error
95 conditions:
96
97 14 Error writing error
98
99 15 Invalid argument error
100
101 16 Unimplemented function error
102
103 17 Invalid configureline error
104
105 18 IO error
106
107 19 Version mismatch error
108
110 Please note that due to mmap issues, aide cannot be terminated with
111 SIGTERM. Use SIGKILL to terminate.
112
113 The checksums in the database and in the output are by default base64
114 encoded (see also report_base16 option). To decode them you can use
115 the following shell command:
116
117 echo <encoded_checksum> | base64 -d | hexdump -v -e '32/1 "%02x" "\n"'
118
119
121 /etc/aide.conf
122 Default aide configuration file.
123
124 /var/lib/aide/aide.db
125 Default aide database.
126
127 /var/lib/aide/aide.db.new
128 Default aide output database.
129
131 aide.conf(5) manual.html
132
134 There are probably bugs in this release. Please report them at
135 http://sourceforge.net/projects/aide . Bug fixes are more than welcome.
136 Unified diffs are preferred.
137
139 All trademarks are the property of their respective owners. No animals
140 were harmed while making this webpage or this piece of software.
141 Although some pizza delivery guy's feelings were hurt.
142
143
144
145aide 0.16 Jul 25, 2016 AIDE(1)