Current File: //usr/local/lp/apps/malre/texts/help_dis.txt
USAGE FOR COMMANDS 'dis', 'bak', 'note', AND 'led':

dis [FILENAME] (optional: [ANY NUMBER OF ADDITIONAL FILENAMES])
    - Capture details about the file(s) specified, back them up, and disable them
        - The use case for this is instances where you have little question over whether something is wholly malicious and just want it to be disabled
    - This will only have any effect on files, directories, or symlinks that are within the purview of the current Malre job
        - Run `malre --status` for details on what directories are included for the current job
    - For every argument that is a file, directory, or symlink, log the current timestamp and the ctime and permissions of that file, directory, or symlink previous to any other action
    - For every argument that is a file or symlink, create a Stat Watch backup of that file or symlink
    - For every argument that is a file or directory, chmod that file or directory to 000
    - For every argument that is a file, report to cmsv (as with Checkers disable)
        - This will only apply if Checkers believes that the file is under its purview
        - The "--no-report" or "-n" flags can be used if you don't want this file reported
    - For every argument that is a symlink, remove that symlink
    - A comment will be made for the backup indicating that it was taken prior to the file being disabled
        - You can specify your own comment by using the "--comment" or "-c" flag.
        - Comments created in this manner will also be placed in the logs displayed with "--list"

bak [FILENAME] (optional: [ANY NUMBER OF ADDITIONAL FILENAMES])
    - Capture details about the file(s) specified, back them up, but otherwise leave them unaltered
        - The use case for this is if you want to edit or modify one or two files and want to create backups of them beforehand
    - This will only have any effect on files, directories, or symlinks that are within the purview of the current Malre job
        - Run `malre --status` for details on what directories are included for the current job
    - For every argument that is a file, directory, or symlink, log the current timestamp and the ctime and permissions of that file, directory, or symlink previous to any other action
    - For every argument that is a file or symlink, create a Stat Watch backup of that file or symlink
    - A comment will be made for the backup indicating that it was taken prior to being manually edited
        - You can specify your own comment by using the "--comment" or "-c" flag.
        - Comments created in this manner will also be placed in the logs displayed with "--list"

note [FILENAME] (optional: [ANY NUMBER OF ADDITIONAL FILENAMES])
    - Log files that you want to set aside for the customer to assess if they're malicious
        - The use case for this is situations where a file has been flagged as malicious by a scan or appears to have created files as part of a malicious POST request, but you are unable to assess if the file is a problem just by looking at it
    - Also, capture details about the file(s) specified, and back them up
    - This will only have any effect on files, directories, or symlinks that are within the purview of the current Malre job
        - Run `malre --status` for details on what directories are included for the current job
    - For every argument that is a file, directory, or symlink, log the current timestamp and the ctime and permissions of that file, directory, or symlink previous to any other action
    - For every argument that is a file or symlink, create a Stat Watch backup of that file or symlink
    - A comment will be made for the backup indicating that it was set aside for customer review
        - You can specify your own comment by using the "--comment" or "-c" flag.
        - Comments created in this manner will also be placed in the logs displayed with "--list"

led [FILENAME] (optional: [ANY NUMBER OF ADDITIONAL FILENAMES])
    - Capture details about the file(s) specified, back them up, then open them in an editor
        - The use case for this is instances where you have a large number of files that you believe have injections and want to loop through editing them all in succession
    - This will only have any effect on files that are within the purview of the current Malre job
        - This will not have any effect on directories or symlinks
        - Run `malre --status` for details on what directories are included for the current job
    - The editor used will be what is defined in the "$EDITOR" session variable
    - For every argument that is a file, back the file up, then open the file in an editor. If, after the editor closes, the ctime of the file has changed, log that changes were made, and create a second backup of the file
    - A comment will be made for the backup indicating that it was edited in a loop edit
        - You can specify your own comment by using the "--comment" or "-c" flag.
        - Comments created in this manner will also be placed in the logs displayed with "--list"

ADDITIONAL FLAGS:
    - The argument "--" will indicate that every argument beyond that point is either a file, a directory, or a symlink (in case, for example, you need to delete a file named "--list")
    - The argument "--no-comment" will result in no comment being left for the backup
    - The arguments "-h" or "--help" will display this output
    - The arguments "-l" or "--list" will output all of the logs for that specific command since the last time they were flushed
        - If you add the argument "-a" or "--all", the entirety of that log will be output
        - If you add the argument "-f" or "--flush", only new entries will be output moving forward unless "-a" or "--all" is used.
        - By using "--flush" or "--all", you can better keep track of what you have and have not reported to the customer.
    - The "--flushall" or "--flush-all" flags will flush the logs (as with "--list --flush" described above), but for all four commands ('dis', 'bak', 'note', and 'led').
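
The order of operations that 'dis' describes (scope check, record metadata, back up, then disable) can be sketched as a shell function. This is an added example, not Malre's own code: `disable_path`, `JOB_ROOT`, `BACKUP_DIR` and `LOG_FILE` are hypothetical names, a plain copy stands in for the Stat Watch backup, the cmsv report is left out, and GNU `stat` is assumed.

```shell
# Added sketch of the 'dis' sequence; not Malre's code.
# Caller sets JOB_ROOT (physical path of the job directory), BACKUP_DIR and
# LOG_FILE; all three names are hypothetical. Requires GNU stat (-c).
disable_path() {
    local p=$1 parent abs kind meta bak

    # Resolve only the parent directory, so a symlink is judged by where it
    # lives rather than by where it points.
    parent=$(cd -- "$(dirname -- "$p")" 2>/dev/null && pwd -P) || return 2
    abs="$parent/$(basename -- "$p")"
    case "$abs" in
        "$JOB_ROOT"/*) ;;                                   # inside the job
        *) echo "skip (outside job): $abs" >&2; return 3 ;;
    esac

    # Test -L first: -f and -d follow symlinks and would misclassify a link.
    if   [ -L "$abs" ]; then kind=symlink
    elif [ -f "$abs" ]; then kind=file
    elif [ -d "$abs" ]; then kind=dir
    else return 2
    fi

    # 1. Log timestamp, ctime and permissions before any other action.
    meta=$(stat -c 'ctime=%Z mode=%a' -- "$abs") || return 2
    printf '%s dis %s %s %s\n' "$(date +%s)" "$kind" "$meta" "$abs" >> "$LOG_FILE"

    # 2. Back up files and symlinks; -P copies the link itself, not its target.
    if [ "$kind" != dir ]; then
        bak="$BACKUP_DIR/$(basename -- "$abs").$(date +%s).$$"
        cp -pP -- "$abs" "$bak" || return 1
    fi

    # 3. Disable: symlinks are removed, files and directories go to mode 000.
    #    The "--" keeps names such as "--list" from being parsed as options.
    if [ "$kind" = symlink ]; then rm -- "$abs"; else chmod 000 -- "$abs"; fi
}
```

Logging before the backup and the chmod matters because both later steps can change the ctime that the log is meant to preserve.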