.\" Generated by scdoc 1.11.3
.\" Complete documentation for this program is not available as a GNU info page
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.nh
.ad l
.\" Begin generated content:
.TH "apk-audit" "8" "2024-04-29"
.PP
.SH NAME
.PP
apk audit - audit directories for changes
.PP
.SH SYNOPSIS
.PP
\fBapk audit\fR [<\fIoptions\fR>.\&.\&.\&] \fIdirectories\fR.\&.\&.\&
.PP
.SH DESCRIPTION
.PP
\fBapk audit\fR audits the system or specified directories for changes compared to
the package database.\&
.PP
The audit can be done against configuration files only (\fB--backup\fR) to generate
list of files needed to be stored in the overlay in run-from-tmps configuration.\&
Alternatively, it can audit all installed files (\fB--system\fR or \fB--full\fR) to
e.\&g.\& detect unauthorized modifications of system files.\&
.PP
By default, the output format is one file per line, for each modified file.\&
A character is printed indicating the line type, followed by a space,
then the affected path or details.\& The changes detected are:
.PP
.TS
l lx
l lx
l lx
l lx
l lx
l lx
l lx
l lx
l lx
l lx
l lx.
T{
-
T}	T{
Database detail record
T}
T{
+
T}	T{
On-disk detail record
T}
T{
A
T}	T{
File added
T}
T{
d
T}	T{
Directory added
T}
T{
D
T}	T{
Directory added (with non-listed files/subdirs)
T}
T{
e
T}	T{
error occured during audit (e.\&g.\& no permissions to read file)
T}
T{
M
T}	T{
File metadata changed (uid, gid, or mode)
T}
T{
m
T}	T{
Directory metadata changed
T}
T{
U
T}	T{
File contents modified
T}
T{
X
T}	T{
File deleted
T}
T{
x
T}	T{
xattrs changed
T}
.TE
.sp 1
.SH OPTIONS
.PP
\fB--backup\fR
.RS 4
Audit configuration files only (default).\& The list of files to be
audited is generated from the masks in protected_paths.\&d.\&
.PP
.RE
\fB--check-permissions\fR
.RS 4
Check file permissions too.\& Namely, the uid, gid and file mode will
be checked in addition to the file content.\&
.PP
.RE
\fB--details\fR
.RS 4
Enable reporting of detail records.\&
.PP
.RE
\fB--full\fR
.RS 4
Audit all system files.\& Same as \fB--system\fR, but in addition reports
all added directories and files.\& A built-in default override for
protected paths is used, unless a \fB--protected-paths\fR is explicitly
specified.\&
.PP
.RE
\fB--ignore-busybox-symlinks\fR
.RS 4
Ignore symlinks whose target is the busybox binary.\&
.PP
.RE
\fB--packages\fR
.RS 4
Print only the packages with changed files.\& Instead of the full output
each modification, the set of packages with at least one modified file
is printed.\&
.PP
To repair all packages with modified files, one could use:
.RS 4
apk audit --packages -q | xargs apk fix
.PP
.RE
.RE
\fB--protected-paths\fR \fIFILE\fR
.RS 4
Use given FILE for protected paths listings.\& This also makes apk ignore
the regular protected_paths.\&d directories.\&
.PP
.RE
\fB--system\fR
.RS 4
Audit all system files.\& All files provided by packages are verified
for integrity with the exception of configuration files (listed in
protected_paths.\&d).\& This is useful detecting unauthorized file changes.\&
New files or directories are not reported.\&
.PP
.RE
\fB-r, --recursive\fR
.RS 4
Descend into directories and audit them as well.\&