stealth V3.00.00
SSH-based Trust Enhancement Acquired through a Locally Trusted Host
Copyright (c) GPL 2005-2014
Usage 1 (activation modes):
stealth [options] policy
Where:
[options] - optional arguments (short options between parentheses,
option descriptions starting with (C) can only be used
on the command-line and are ignored when specified in the
policy file).
--daemon (-d) <path>: (C) run as a background (daemon) process.
<path> is the absolute filename of a pid-file used for
communication with the stealth daemon process
--dry-run: (C) no integrity scans or reloads are performed, but
are assumed OK. Remaining tasks are normally performed
--log (-L) path: log messages are appended to `path'. If path
does not exist, it is first created
--logmail: mail is loggeed (requires --log or --syslog)
--max-size value[BKMG]: files retrieved by GET may at most
have `value' bytes (B), Kbytes (K), Mbytes (M), Gbytes (G).
By default: 10M; The default unit is `B'
--no-mail: mail is not sent. By default mail is sent as configured
in the policy-file (--logmail can be specified independently
from --no-mail)
--parse-policy-file (-p): (C) parse the policy file, no further actions.
Specify once to see the numbered commands,
twice to see the policy file parsing steps as well.
Results to std output.
--random-interval (-i) value: start integrity scans within
a random interval of `value' seconds (minutes
if an `m' is appended to the specified value).
Requires --repeat.
--repeat value: start an integrity scan every `value' seconds
(minutes if an `m' is appended to the specified value).
--run-command (-r) value: (C) only execute command #`value'
--skip-files (-s) path: skip the integrity checks of the
files having their absolute path names listed in `path'
--stdout (-o): messages are (also) written to stdout (incompatible
with the --daemon option)
--syslog: write syslog messages
--syslog-facility fac: syslog facility to use. By default DAEMON
--syslog-priority pri: syslog priority to use. By default NOTICE
--syslog-tag tag: identifier prefixed to syslog messages. By
default `STEALTH')
--time-stamp <type>: the time-stamps to use. By default UTC.
(does not apply to syslog-timestamps)
--verbosity (-V) value: determines the amount of logged information.
Requires --log or --syslog:
0: nothing is logged
1: mode reports and policy commands
2: also: ipc commands and actions
3: also: integrity scan informative messages
policy: path to the policy file
Usage 2 (IPC modes, all options are command-line only):
stealth {--reload,--rerun,--resume,--suspend,--terminate} pid-file
Where:
--reload: reload a stealth process's policy and skip-files
files
--rerun: start an integrity scan
--resume: resume stealth after --suspend
--suspend: suspend stealth's activities
to continue: --resume; to end: --terminate
--terminate: terminate the stealth daemon
pidfile: file containing the pid of the stealth daemon process.
Usage 3 (support mode, all options are command-line only)
stealth {--help,--version}
Where:
--help (-h): provide this help and terminate
--version (-v): show version information and terminate
Note that with the second type of usage the policy file is not required:
here only the pidfile must be specified.