From 18846bd08390e6ae52a0de0f94ff2a0f62aad4d7 Mon Sep 17 00:00:00 2001 From: Timo Teräs Date: Mon, 10 Apr 2023 20:22:04 +0300 Subject: audit: add a new --full mode --- doc/apk-audit.8.scd | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'doc/apk-audit.8.scd') diff --git a/doc/apk-audit.8.scd b/doc/apk-audit.8.scd index 2294f8a..19a7ba9 100644 --- a/doc/apk-audit.8.scd +++ b/doc/apk-audit.8.scd @@ -15,8 +15,8 @@ the package database. The audit can be done against configuration files only (--backup) to generate list of files needed to be stored in the overlay in run-from-tmps configuration. -Alternatively, it can audit all installed files (--system) to e.g. detect -unauthorized modifications of system files. +Alternatively, it can audit all installed files (--system or --full) to +e.g. detect unauthorized modifications of system files. By default, the output format is one file per line, for each modified file. A character is printed indicating the change detected, followed by a space, @@ -49,6 +49,12 @@ then the affected path. The changes detected are: Check file permissions too. Namely, the uid, gid and file mode will be checked in addition to the file content. +*--full* + Audit all system files. Same as *--system*, but in addition reports + all added directories and files. A built-in default override for + protected paths is used, unless a *--protected-paths* is explicitly + specified. + *--packages* Print only the packages with changed files. Instead of the full output each modification, the set of packages with at least one modified file @@ -65,6 +71,7 @@ then the affected path. The changes detected are: Audit all system files. All files provided by packages are verified for integrity with the exception of configuration files (listed in protected_paths.d). This is useful detecting unauthorized file changes. + New files or directories are not reported. *-r, --recursive* Descend into directories and audit them as well. -- cgit v1.2.3-70-g09d2