
My question is about the flags AIDE shows for each file in its daily e-mail report. For example, for a new file it shows the following:
f++++++++++++++++: /var/cache/apt/archives/squashfs-tools_1%3a4.4-1ubuntu0.1_amd64.deb
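I can infer that f stands for file, and I have seen d, which stands for directory. But what other flags could appear here? And what about ++++++++++++++++, does it mean anything?
Now things get more interesting for modified files: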
d =.... mc.. .. : /run/motd.d/fwupd
f =.... mci.... : /run/motd.d/fwupd/85-fwupd
f >b... mc..C.. .: /var/cache/apt/pkgcache.bin
f <.... mc..C.. .: /var/cache/apt/srcpkgcache.bin
f =.... .c..... .: /var/lib/PackageKit/transactions.db
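I can't find any documentation detailing what these mean. Any help understanding this would be much appreciated.
Answer 1
These flags are described in the aide.conf man page (see man 5 aide.conf):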
report_summarize_changes (type: bool, default: true)
summarize_changes (DEPRECATED, will be removed in a future release)
Summarize changes in the added, removed and changed files sections of the report.
The general format is like the string YlZbpugamcinHAXSEC, where Y is replaced by the file-type (f for a regular file, d for a directory, l for a symbolic link, c for a character device, b for a block device, p for a FIFO, s for a unix socket, D for a
Solaris door, P for a Solaris event port, ! if file type has changed and ? otherwise).
The Z is replaced as follows: A = means that the size has not changed, a < reports a shrinked size and a > reports a grown size.
The other letters in the string are the actual letters that will be output if the associated attribute for the item has been changed or a "." for no change, a "+" if the attribute has been added, a "-" if it has been removed, a ":" if the attribute is
ignored (but not forced) or a " " if the attribute has not been checked. The exceptions to this are: (1) a newly created file replaces each letter with a "+", and (2) a removed file replaces each letter with a "-".
The attribute that is associated with each letter is as follows:
o A l means that the link name has changed.
o A b means that the block count has changed.
o A p means that the permissions have changed.
o An u means that the uid has changed.
o A g means that the gid has changed.
o An a means that the access time has changed.
o A m means that the modification time has changed.
o A c means that the change time has changed.
o An i means that the inode has changed.
o A n means that the link count has changed.
o A H means that one or more message digests have changed.
The following letters are only available when explicitly enabled using configure:
o A A means that the access control list has changed.
o A X means that the extended attributes have changed.
o A S means that the SELinux attributes have changed.
o A E means that the file attributes on a second extended file system have changed.
o A C means that the file capabilities have changed.
(aide v0.17.3)
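A decoder for these summary lines, added here as an illustration (it is not part of the original answer and not AIDE's own code). It reads the flag string position by position against the YlZbpugamcinHAXSEC template quoted above. Assumptions: the flag string is exactly as wide as the template (the width differs between AIDE versions and builds, so pass the template your own man page documents), and the two sample lines are constructed for the 18-character template.

```python
TEMPLATE = "YlZbpugamcinHAXSEC"  # general format quoted from the man page above
FILE_TYPES = {"f": "regular file", "d": "directory", "l": "symbolic link",
              "c": "character device", "b": "block device", "p": "FIFO",
              "s": "unix socket", "D": "Solaris door",
              "P": "Solaris event port", "!": "file type changed", "?": "other"}
ATTRS = {"l": "link name", "Z": "size", "b": "block count", "p": "permissions",
         "u": "uid", "g": "gid", "a": "access time", "m": "modification time",
         "c": "change time", "i": "inode", "n": "link count",
         "H": "message digests", "A": "ACL", "X": "extended attributes",
         "S": "SELinux attributes", "E": "ext2 file attributes",
         "C": "file capabilities"}
STATUS = {".": "unchanged", "+": "added", "-": "removed",
          ":": "ignored", " ": "not checked"}
SIZE = {"=": "unchanged", "<": "shrunk", ">": "grown"}
# Constructed sample lines (18-character flag strings, not real AIDE output).
SAMPLE_NEW = "f" + "+" * 17 + ": /tmp/example.deb"
SAMPLE_CHANGED = "f >b... mc..H..  .: /var/cache/apt/pkgcache.bin"


def decode(line, template=TEMPLATE):
    """Decode one '<flags>: <path>' summary line against the template."""
    flags, rest = line[:len(template)], line[len(template):]
    # Flags may contain ':' and ' ', so split on width, not on a separator.
    if len(flags) != len(template) or not rest.startswith(": "):
        raise ValueError("flag string does not match the template width")
    if flags[0] not in FILE_TYPES:
        raise ValueError(f"unknown file type {flags[0]!r}")
    body = flags[1:]
    # A new entry is all '+', a removed entry is all '-'.
    entry = ("added" if set(body) == {"+"} else
             "removed" if set(body) == {"-"} else "changed")
    attrs = {}
    for letter, ch in zip(template[1:], body):
        name = ATTRS.get(letter, letter)
        if letter == "Z" and ch in SIZE:
            attrs[name] = SIZE[ch]
        elif ch == letter:            # the letter itself means "changed"
            attrs[name] = "changed"
        elif ch in STATUS:
            attrs[name] = STATUS[ch]
        else:
            raise ValueError(f"unexpected {ch!r} in the {letter!r} position")
    return {"path": rest[2:], "type": FILE_TYPES[flags[0]],
            "entry": entry, "attrs": attrs}


def changed(line, template=TEMPLATE):
    """Names of the attributes reported as changed, grown or shrunk."""
    attrs = decode(line, template)["attrs"]
    return [k for k, v in attrs.items() if v in ("changed", "grown", "shrunk")]
```

When triaging a report, an entry whose changed list includes message digests, permissions, uid or gid on a path that package management does not normally touch is the one to look at first.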