Linux command

aide command

Security

This command has a significant impact on permissions or the system; verify the target before running it.

Common examples

Initialize

sudo aide -i

Check

sudo aide -C

Compare

sudo aide -E

Update

sudo aide -u

Use an alternate configuration file

sudo aide -c [path/to/config_file]

Limit to entries matching a regex

sudo aide -l [regex]

Send the report to a URL

sudo aide -r [reporterurl]

Description

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker used for intrusion detection. It builds a database of file attributes including permissions, inode numbers, timestamps, file sizes, link counts, and checksums using algorithms like SHA-256 and SHA-512. Once an initial database is created, AIDE can compare the current state of the file system against the stored snapshot to detect unauthorized modifications, new files, or deleted files. Rules in the configuration file define which directories to monitor and which attributes to check for each path.
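
The baseline-then-compare model described above, as an added Python sketch (not AIDE's code and not part of the original page). The function names and sample files are constructed for illustration, and timestamps are left out so the comparison stays deterministic.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """'Init' step: map each regular file under root to its recorded attributes."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):  # sketch tracks regular files only
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                db[os.path.relpath(path, root)] = {
                    "mode": stat.S_IMODE(st.st_mode), "inode": st.st_ino,
                    "size": st.st_size, "nlink": st.st_nlink, "sha256": digest}
    return db


def compare(baseline, current):
    """'Check' step: return (added, removed, changed) relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diff = [k for k, v in baseline[path].items() if current[path][k] != v]
        if diff:
            changed[path] = diff  # names of the attributes that differ
    return added, removed, changed


def demo():
    """Constructed sample tree: take a baseline, alter the files, then check."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        put("sshd_config", b"PermitRootLogin no\n")
        put("hosts", b"127.0.0.1 localhost\n")
        put("motd", b"welcome\n")
        baseline = snapshot(root)
        put("sshd_config", b"PermitRootLogin yes\n")   # content edited in place
        os.chmod(os.path.join(root, "motd"), 0o755)     # permissions changed
        os.remove(os.path.join(root, "hosts"))          # file deleted
        put("unexpected.bin", b"\x00")                  # file added
        return compare(baseline, snapshot(root))
```

The baseline is only as trustworthy as its storage: if it lives on the monitored host with write access for the same account, a change to both file and baseline goes unreported.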

Parameters

-i, --init
Initialize the database; the new database must be moved to the appropriate place before using --check
-C, --check
Check the database for inconsistencies; requires an initialized database
-u, --update
Check and update the database non-interactively; input and output databases must be different
-E, --compare
Compare two databases as defined in config file
-D, --config-check
Stop after reading configuration file to check for errors
-c, --config file
Specify alternate configuration file (use '-' for stdin)
-l, --limit regex
Restrict operations to entries matching a regex pattern
-r, --report url
Specify output destination URL
-V, --verbose
Control verbosity level (0-255; default: 5)
-B, --before
Set config parameters before file reading
-A, --after
Set config parameters after file reading

FAQ

What is the aide command used for?

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker used for intrusion detection. It builds a database of file attributes including permissions, inode numbers, timestamps, file sizes, link counts, and checksums using algorithms like SHA-256 and SHA-512. Once an initial database is created, AIDE can compare the current state of the file system against the stored snapshot to detect unauthorized modifications, new files, or deleted files. Rules in the configuration file define which directories to monitor and which attributes to check for each path.

How do I run a basic aide example?

Run `sudo aide -i` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -i, --init do in aide?

Initialize the database; the new database must be moved to the appropriate place before using --check