aide(1) 						      General Commands Manual							   aide(1)

NAME
       aide - Advanced Intrusion Detection Environment

SYNOPSIS
       aide [parameters] command

DESCRIPTION
       aide is an intrusion detection system for checking the integrity of files.

COMMANDS
       --check, -C
              Checks the database for inconsistencies. You must have an initialized database to do this. This is also the default command. Without any command aide does a check.

       --init, -i
              Initialize the database. You must initialize a database and move it to the appropriate place before you can use the --check command.

       --update, -u
              Checks the database and updates the database non-interactively. The input and output databases must be different.

       --compare
              Compares two databases. They must be defined in configfile with database=<url> and database_new=<url>.

       --config-check, -D
              Stops after reading in the configuration file. Any errors will be reported. If aide was compiled with the "--with-dbhmackey" option, a hash for the config file will be calculated. See the aide manual for more information.

PARAMETERS
       --config=configfile, -c configfile
              Configuration is read from file configfile instead of "./aide.conf". Use '-' for stdin.

       --before="configparameters", -B "configparameters"
              These configparameters are handled before the reading of the configuration file. See aide.conf(5) for more details on what to put here.

       --after="configparameters", -A "configparameters"
              These configparameters are handled after the reading of the configuration file. See aide.conf(5) for more details on what to put here.

       --verbose=verbosity_level, -Vverbosity_level
              Controls how verbose aide is. Value must be in the range [0-255]. The default is 5. With no argument, the value is set to 20. This parameter overrides the value set in a configuration file.

       --report=reporter, -r reporter
              reporter is a URL which tells aide where to send its output. See aide.conf(5) section URLS for available values.

       --version, -v
              aide prints out its version number.

       --help, -h
              Prints out the standard help message.

DIAGNOSTICS
       Normally, the exit status is 0 if no errors occurred, except when the --check command was requested, in which case the exit status is defined as:

              1 * (new files detected?) +
              2 * (removed files detected?) +
              4 * (changed files detected?)

       Additionally, the following exit codes are defined for generic error conditions:

              14 Error writing error
              15 Invalid argument error
              16 Unimplemented function error
              17 Invalid configureline error
              18 IO error
              19 Version mismatch error

NOTES
       Please note that due to mmap issues, aide cannot be terminated with SIGTERM. Use SIGKILL to terminate.

FILES
       /etc/aide/aide.conf
              Default aide configuration file.

       /etc/aide/aide.conf.d
              Config snippets which are automatically concatenated to the configuration file by update-aide.conf. This is a Debian extension.

       aide.db
              Default aide database.

       aide.db.new
              Default aide output database.

SEE ALSO
       aide.conf(5)
       http://www.cs.tut.fi/~rammer/aide/manual.html

BUGS
       There are probably bugs in this release. Please report them at http://sourceforge.net/projects/aide and to the Debian BTS. Bug fixes are more than welcome. Unified diffs are preferred.

DISCLAIMER
       All trademarks are the property of their respective owners. No animals were harmed while making this webpage or this piece of software. Although some pizza delivery guy's feelings were hurt.

                                                                                                                           aide(1)
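
The exit status described under DIAGNOSTICS can be decoded in a wrapper that a scheduled job calls, so that integrity findings are alerted on separately from tool failures. This is an added example, not part of the aide distribution: the function names decode_aide_status and run_aide_check are hypothetical, and the configuration path is the one listed under FILES.

```shell
#!/bin/sh
# Added example: classify the exit status of `aide --check` using the
# values listed under DIAGNOSTICS. Function names are hypothetical.

# decode_aide_status STATUS
# Prints "clean", "findings: <kinds>", "error: <reason>" or "unknown: ...".
decode_aide_status() {
    status=$1
    case $status in
        ''|*[!0-9]*) echo "unknown: non-numeric status"; return 0 ;;
        0)  echo "clean"; return 0 ;;
        14) echo "error: writing error"; return 0 ;;
        15) echo "error: invalid argument"; return 0 ;;
        16) echo "error: unimplemented function"; return 0 ;;
        17) echo "error: invalid configureline"; return 0 ;;
        18) echo "error: IO error"; return 0 ;;
        19) echo "error: version mismatch"; return 0 ;;
    esac
    # 1..7 is a bit mask: 1 = new, 2 = removed, 4 = changed files.
    if [ "$status" -ge 1 ] && [ "$status" -le 7 ]; then
        findings=""
        if [ $((status & 1)) -ne 0 ]; then findings="$findings new"; fi
        if [ $((status & 2)) -ne 0 ]; then findings="$findings removed"; fi
        if [ $((status & 4)) -ne 0 ]; then findings="$findings changed"; fi
        echo "findings:$findings"
        return 0
    fi
    # Anything else (8-13, 20+, 128+signal) is not defined by the man page.
    echo "unknown: status $status"
}

# run_aide_check [CONFIG]
# Runs the check and returns 0 (clean), 1 (findings) or 2 (error/unknown),
# so a scheduler can alert on findings separately from tool failures.
run_aide_check() {
    conf=${1:-/etc/aide/aide.conf}
    rc=0
    aide --config="$conf" --check || rc=$?
    result=$(decode_aide_status "$rc")
    echo "aide exit=$rc $result" >&2
    case $result in
        clean)      return 0 ;;
        findings:*) return 1 ;;
        *)          return 2 ;;
    esac
}
```

A status of 5, for example, decodes to new and changed files with nothing removed; a status of 18 means the check itself failed and says nothing about file integrity.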

aide_selinux(8) 						SELinux Policy aide						   aide_selinux(8)

NAME
       aide_selinux - Security Enhanced Linux Policy for the aide processes

DESCRIPTION
       Security-Enhanced Linux secures the aide processes via flexible mandatory access control.

       The aide processes execute with the aide_t SELinux type. You can check if you have these processes running by executing the ps command with the -Z qualifier.

       For example:

              ps -eZ | grep aide_t

ENTRYPOINTS
       The aide_t SELinux type can be entered via the aide_exec_t file type.

       The default entrypoint paths for the aide_t domain are the following:

              /usr/sbin/aide

PROCESS TYPES
       SELinux defines process types (domains) for each process running on the system.

       You can see the context of a process using the -Z option to ps.

       Policy governs the access confined processes have to files. SELinux aide policy is very flexible, allowing users to set up their aide processes in as secure a method as possible.

       The following process types are defined for aide:

              aide_t

       Note: semanage permissive -a aide_t can be used to make the process type aide_t permissive. SELinux does not deny access to permissive process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS
       SELinux policy is customizable based on least access required. aide policy is extremely flexible and has several booleans that allow you to manipulate the policy and run aide with the tightest access possible.

       If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by default.

              setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains' file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

              setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by default.

              setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

              setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

              setsebool -P global_ssp 1

MANAGED FILES
       The SELinux process type aide_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note that the process's UID still needs to have DAC permissions.

       aide_db_t

              /var/lib/aide(/.*)

       aide_log_t

              /var/log/aide(/.*)?
              /var/log/aide.log.*

FILE CONTEXTS
       SELinux requires files to have an extended attribute to define the file type.

       You can see the context of a file using the -Z option to ls.

       Policy governs the access confined processes have to these files. SELinux aide policy is very flexible, allowing users to set up their aide processes in as secure a method as possible.

       EQUIVALENCE DIRECTORIES

       aide policy stores data with multiple different file context types under the /var/log/aide directory. If you would like to store the data in a different directory, you can use the semanage command to create an equivalence mapping. If you wanted to store this data under the /srv directory, you would execute the following commands:

              semanage fcontext -a -e /var/log/aide /srv/aide
              restorecon -R -v /srv/aide

       STANDARD FILE CONTEXT

       SELinux defines the file context types for aide. If you want to store files with these types in different paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk.

              semanage fcontext -a -t aide_db_t '/srv/aide/content(/.*)?'
              restorecon -R -v /srv/aide/content

       Note: SELinux often uses regular expressions to specify labels that match multiple files.

       The following file types are defined for aide:

       aide_db_t
              Set files with the aide_db_t type if you want to treat the files as aide database content.

       aide_exec_t
              Set files with the aide_exec_t type if you want to transition an executable to the aide_t domain.

       aide_log_t
              Set files with the aide_log_t type if you want to treat the data as aide log data, usually stored under the /var/log directory.

              Paths: /var/log/aide(/.*)?, /var/log/aide.log.*

       Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context, you need to use the semanage fcontext command. This will modify the SELinux labeling database. You will need to use restorecon to apply the labels.

COMMANDS
       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans.

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR
       This manual page was auto-generated using sepolicy manpage.

SEE ALSO
       selinux(8), aide(8), semanage(8), restorecon(8), chcon(1), sepolicy(8), setsebool(8)

aide                                                            14-06-10                                            aide_selinux(8)