1AIDE(1) User Commands AIDE(1)
2
6 aide - Advanced Intrusion Detection Environment
7
9 aide [parameters] command
10
12 AIDE is an intrusion detection system for checking the integrity of
13 files.
14
17 --check, -C
18 Checks the database for inconsistencies. You must have an ini‐
19 tialized database to do this. This is also the default command.
20 Without any command aide does a check.
21 --init, -i
23 Initialize the database. You must initialize a database and move
24 it to the appropriate place (see database_in config option) be‐
25 fore you can use the --check command.
26 --dry-init, -n (added in AIDE v0.17)
28 Traverse the file system, match each file against the rule tree
29 and report to stdout.
30 Neither reports nor the database are written in this mode.
32 To change the log level in this mode please use the --log-level
34 command line parameter.
35 In this mode aide exits with status 0.
37 --update, -u
40 Checks the database and updates the database non-interactively.
41 The input and output databases must be different.
42 --compare, -E
44 Compares two databases. They must be defined in config file with
45 database=<url> and database_new=<url>.
46 --config-check, -D
48 Stops after reading in the configuration file. Any errors will
49 be reported. To change the log level in this mode please use
50 the --log-level command line parameter.
51 --path-check=file_type:path, -p file_type:path (added in AIDE v0.17)
53 Read configuration and match provided file_type and path against
54 rule tree. The path is independent of what is in the actual file
55 system and needs to be absolute. See RESTRICTED RULES section in
56 aide.conf (5) for supported file types.
57 To change the log level in this mode please use the --log-level
59 command line parameter.
60 In this mode aide exits with status 0 if the file would be added
62 to the tree, 1 if not and 2 if the file does not match a speci‐
63 fied limit.
64
67 --config=configfile , -c configfile
68 Configuration is read from file configfile (see --version output
69 for default value). Use '-' for stdin.
70 --limit=REGEX , -l REGEX (added in AIDE v0.16)
72 Limit command to entries matching REGEX. Note that the REGEX
73 only matches at the first position.
74 Example
76 Only check and update the database entries matching /etc
77 (i.e. the /etc directory) while leaving all other entries
78 unchecked and unchanged:
79 aide --update --limit /etc
81 --before="configparameters" , -B "configparameters"
84 These configparameters are handled before the reading of the
85 configuration file. See aide.conf (5) for more details on what
86 to put here.
87 --after="configparameters" , -A "configparameters"
89 These configparameters are handled after the reading of the con‐
90 figuration file. See aide.conf (5) for more details on what to
91 put here.
92 --log-level=log_level,-Llog_level (added in AIDE v0.17)
94 The log level to use (see aide.conf (5) for available log levels
95 and more details). This overwrites the log_level value set in
96 any configuration file.
97 --verbose=verbosity_level,-Vverbosity_level (REMOVED in AIDE v0.17)
99 Removed, use log_level and report_level config options instead
100 (see aide.conf (5) for details).
101 --report=reporter,-r reporter (REMOVED in AIDE v0.17)
103 Removed, use report_url config option instead (see aide.conf (5)
104 for details).
105 --workers=WORKERS , -W WORKERS (added in AIDE v0.18)
107 Specifies the number of workers (see aide.conf (5) for details).
108 This overwrites the num_workers value set in any configuration
109 file.
110 --version,-v
112 Print version information and exit.
113 --help,-h
115 Prints out the standard help message.
116
118 Normally, the exit status is 0 if no errors occurred. Except when the
119 --check, --compare or --update command was requested, in which case the
120 exit status is defined as:
121 1 * (new files reported?) +
123 2 * (removed files reported?) +
125 4 * (changed files reported?)
127 Since those three cases can occur together, the respective error codes
129 are added. For example, if there are new files and removed files re‐
130 ported, the exit status will be 1 + 2 = 3.
131 Additionally, the following exit codes are defined for generic error
133 conditions:
134 14 Writing error
136 15 Invalid argument error
138 16 Unimplemented function error
140 17 Configuration error
142 18 IO error
144 19 Version mismatch error
146 20 EXEC error
148 21 File lock error
150 22 Memory allocation error
152 23 Thread error
154
156 SIGTERM is ignored, use SIGKILL to terminate aide.
157 SIGHUP is also ignored.
159 SIGUSR1 toggles the log_level between current and debug level.
161
163 The checksums in the database and in the output are by default base64
164 encoded (see also report_base16 option). To decode them you can use
165 the following shell command:
166 echo <encoded_checksum> | base64 -d | hexdump -v -e '32/1 "%02x" "\n"'
168
171 See --version output for the default config file and the default data‐
172 base_in and database_out config values.
173
176 aide.conf(5)
177
179 There are probably bugs in this release. Please report them at
180 https://github.com/aide/aide/issues .
181
183 All trademarks are the property of their respective owners. No animals
184 were harmed while making this webpage or this piece of software. Al‐
185 though some pizza delivery guy's feelings were hurt.
186aide v0.18.4 2023-06-13 AIDE(1)