aide(1) aide(1)

NAME aide - Advanced Intrusion Detection Environment

SYNOPSIS aide [parameters] command

DESCRIPTION aide is an intrusion detection system for checking the integrity of files.

COMMANDS --check, -C Checks the database for inconsistencies. You must have an ini- tialized database to do this. This is also the default command. Without any command aide does a check.

--init, -i Initialize the database. You must initialize a database and move it to the appropriate place before you can use the --check com- mand.

--update, -u Checks the database and updates the database non-interactively. The input and output databases must be different.

--compare Compares two databases. They must be defined in configfile with database=<url> and database_new=<url>.

--config-check, -D Stops after reading in the configuration file. Any errors will be reported. If aide was compiled with the "--with-dbhmackey" option, a hash for the config file will be calculated. See the aide manual for more information.

PARAMETERS --config=configfile , -c configfile Configuration is read from file configfile instead of "./aide.conf". Use - for stdin.

--before="configparameters" , -B "configparameters" These configparameters are handled before the reading of the configuration file. See aide.conf (5) for more details on what to put here.

--after="configparameters" , -A "configparameters" These configparameters are handled after the reading of the con- figuration file. See aide.conf (5) for more details on what to put here.

--verbose=verbosity_level,-Vverbosity_level Controls how verbose aide is. Value must [0-255]. The default is 5. With no argument Value is set to 20. This parameter overrides the value set in a configuration file.

--report=reporter,-r reporter reporter is a URL which tells aide where to send its output. See aide.conf (5) section URLS for available values.

--version,-v aide prints out its version number

--help,-h Prints out the standard help message.

DIAGNOSTICS Normally, the exit status is 0 if no errors occurred. Except when the --check command was requested, in which case the exit status is defined as:

1 * (new files detected?) +

2 * (removed files detected?) +

4 * (changed files detected?)

Additionally, the following exit codes are defined for generic error conditions:

14 Error writing error

15 Invalid argument error

16 Unimplemented function error

17 Invalid configureline error

18 IO error

19 Version mismatch error

NOTES Please note that due to mmap issues, aide cannot be terminated with SIGTERM. Use SIGKILL to terminate.

FILES /etc/aide.conf Default aide configuration file. /var/lib/aide.db Default aide database. /var/lib/ Default aide output database.

SEE ALSO aide.conf(5)

BUGS There are probably bugs in this release. Please report them at . Bug fixes are more than welcome. Unified diffs are preferred.

DISCLAIMER All trademarks are the property of their respective owners. No animals were harmed while making this webpage or this piece of software. Although some pizza delivery guys feelings were hurt.