aide

Initialize the database

$ sudo aide -i

$ sudo aide -C

$ sudo aide -E

$ sudo aide -u

$ sudo aide -c [path/to/config_file]

$ sudo aide -l [regex]

$ sudo aide -r [reporterurl]

aide [parameters] command

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker used for intrusion detection. It builds a database of file attributes including permissions, inode numbers, timestamps, file sizes, link counts, and checksums using algorithms like SHA-256 and SHA-512.
Once an initial database is created, AIDE can compare the current state of the file system against the stored snapshot to detect unauthorized modifications, new files, or deleted files. Rules in the configuration file define which directories to monitor and which attributes to check for each path.

-i, --init

Initialize the database; must be moved to the appropriate place before using --check

Check the database for inconsistencies; requires an initialized database

Check and update the database non-interactively; input and output databases must be different

Compare two databases as defined in config file

Stop after reading configuration file to check for errors

Specify alternate configuration file (use '-' for stdin)

Restrict operations to entries matching a regex pattern

Specify output destination URL

Control verbosity level (0-255; default: 5)

Set config parameters before file reading

Set config parameters after file reading

/etc/aide/aide.conf

Main configuration file defining which files to monitor, database locations, and check rules.

Exit codes combine: 1 (new files), 2 (removed files), and 4 (changed files). The database must be stored securely, preferably on read-only media.

Originally developed as an open-source alternative to proprietary file integrity checkers like Tripwire.

tripwire(8), md5sum(1), sha256sum(1)