[an error occurred while processing this directive]
Appendix B. List of command line options
Prev   Next

Appendix B. List of command line options

Table of Contents

1. General
2. samhain
3. yule

1. General

  1. -D, --daemon Run as daemon.

  2. --foreground Stay in the foreground, do not run as daemon.

  3. -f, --forever Loop forever, even if not daemon.

  4. --bind-address=<IP-Address> Use this IP address (i.e. interface) for outgoing connections (e.g. on multi-interface machines).

  5. --server-port=<port number> Connect to this port on the server (client-side option for client-server connection).

  6. --server-host=<hostname/IP address> Connect to this server host (client-side option for client-server connection). Using this option a second time will set the backup server host. Reloading the configuration with a server defined in the configuration file will overwrite the original CL values.

  7. -s <arg>, --set-syslog-severity=<arg> Set the severity threshold for syslog. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert .

  8. -l <arg>, --set-log-severity=<arg> Set the severity threshold for logfile. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert .

  9. -m <arg>, --set-mail-severity=<arg> Set the severity threshold for e-mail. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert .

  10. --set-database-severity=<arg> Set the severity threshold for logging to a RDBMS. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert .

  11. --set-prelude-severity=<arg> Set the severity threshold for logging to the Prelude IDS system. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert .

  12. -p <arg>, --set-print-severity=<arg> Set the severity threshold for terminal/console. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert .

  13. -x <arg>, --set-extern-severity=<arg> Set the severity threshold for external program(s). arg may be one of none, debug, info, notice, warn, mark, err, crit, alert .

  14. -L <arg>, --verify-log=<arg> Verify the integrity of the log file and print the entries ( arg is the path of the log file).

  15. -j, --just-list Modify -L to just list the logfile, rather than verify (to de-obfuscate the logfile if you have compiled for stealth mode). Order matters: this must come before -L.

  16. -M <arg>, --verify-mail=<arg> Verify the integrity of e-mailed messages ( arg is the path of the mail box).

  17. -V <arg>, --add-key=<arg> Add key material to the compiled-in key (see Section 2 ). arg must be of the form key@/path/to/executable. Output will be written to /path/to/executable.out.

  18. -H <arg>, --hash-string=<arg> Print the hash of a string / the checksum of a file, and exit. If arg starts with a '/', it is assumed to be a file, otherwise a string. This function is useful to test the hash algorithm.

  19. -z <arg>, --tracelevel=<arg> If compiled with --enable-debug: arg > 0 to switch on debug output. If compiled with --enable-trace: arg > 0 max. level for call tracing.

  20. -i <arg>, --milestone=<arg> If compiled with --enable-trace: trace from milestone arg to arg+1. If arg = -1, trace all.

  21. -o <arg>, --outfile=<filename> Pathname for the output filename (relevant for the options --list-database and --create-database).

  22. -d <arg>, --list-database=<arg> List the database file arg(use ``default'' for the compiled-in path). The listing can be modified in various ways by prepending some other options (see next).

  23. --list-file=<path> Modify --list-database to list the literal content of a file, if this has been stored. Order matters: this must come before --list-database.

  24. -a, --full-detail Modify --list-database to list full details (numeric mode, owner, group, all three timestamps (ctime, mtime, atime), and the checksum. Order matters: this must come before --list-database.

  25. --delimited Same as --full-detail, but with comma-delimited fields. Order matters: this must come before --list-database.

  26. --binary This will list the database in the binary format of the database, i.e. it will output another database. Intended to be used together with --list-filter to create a partial database. Order matters: this must come before --list-database.

  27. --list-filter=<filename> Modify --list-database to list only those files listed in the text file <filename> (one path per line). Together with the --binary option this allows to create a partial database. Order matters: this must come before --list-database.

  28. --verify-database=<arg> Verify (the integrity of the files in) the database given as argument, and exit with a status of success or failure. The configuration file will NOT be read, the policy recorded in the baseline database will be used instead. For more verbosity, the option --set-print-severity=<arg>> can be prepended. Intended to be used with a partial database created by --binary --list-filter=<filter_filename> --list-database=<database_filename>

  29. --create-database=<arg> Create a baseline database for the files listed in the textfile arg(one path per line). The configuration file will NOT be read, the policy recorded in the baseline database will be ReadOnly, and the content of files will optionally be stored if the path in the list is preceded by a '+' (plus) sign. For choosing the output pathname, the option --outfile=<filename> should be prepended. For more verbosity, the option --set-print-severity=<arg> can be prepended.

  30. --init-rootfs=<arg> Use the directory given as arg as the root of the filesystem when initializing the database. Paths in the configuration file are considered to be relative to this directory, i.e. the leading '/' represents the specified filesystem root rather than the true root.

    The purpose of this option is to faciliate the generation of a baseline database for a root filesystem (e.g. of an embedded/IOT device) mounted at some path.

  31. -c, --copyright Print copyright information and exit.

  32. -v, --version Show version information and compiled-in options.

  33. -h, --help Print a short help on command line options and exit.

  34. --trace-enable Print a trace of the execution flow.

  35. --trace-logfile=<arg> Use file arg to log the trace.

Prev   Next
6. Paths Home 2.  samhain
[an error occurred while processing this directive]