# yum install aide

# /usr/sbin/aide --init

By default, the database will be written to the file /var/lib/aide/aide.db.new.gz. Storing the database, the configuration file /etc/aide.conf, and the binary /usr/sbin/aide (or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity. The newly-generated database can be installed as follows:

# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

To initiate a manual check, run the following command:

# /usr/sbin/aide --check

If this check produces any unexpected output, investigate.

05 4 * * * root /usr/sbin/aide --check

AIDE can be executed periodically through other means; this is merely one example.

# grep aide /etc/crontab
# rpm -qVa

See the man page for rpm to see a complete explanation of each column.

# rpm -qf FILENAME

Next, run the following command to reset its permissions to the correct values:

# rpm --setperms PACKAGENAME

# rpm -Va | grep '^.M'

# rpm -Va | grep '^..5'

A "c" in the second column indicates that a file is a configuration file, which may appropriately be expected to change. If the file was not expected to change, investigate the cause of the change using audit logs or other means. The package can then be reinstalled to restore the file. Run the following command to determine which package owns the file:

# rpm -qf FILENAME

The package can be reinstalled from a yum repository using the command:

# yum reinstall PACKAGENAME

Alternatively, the package can be reinstalled from trusted media using the command:

# rpm -Uvh PACKAGENAME

# rpm -Va | awk '$1 ~ /..5/ && $2 != "c"'
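
The separate rpm -Va filters above (mode change, digest change, non-configuration files) can be combined into a single pass over the verification output. This is an added example, not part of the original guide; the function names triage_rpm_verify and sample_rpm_va and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): classify `rpm -Va` output on stdin.
# Position 2 of the attribute string is "M" (mode differs), position 3 is
# "5" (digest differs); a one-letter second field such as "c" marks a
# configuration file. Prints "<class> <path>" for each finding.
triage_rpm_verify() {
    awk '
    {
        flags  = $1
        marker = ($2 ~ /^[a-z]$/) ? $2 : ""
        path = $0
        sub(/^[^ ]+ +/, "", path)                   # drop the attribute string
        if (marker != "") sub(/^[a-z] +/, "", path) # drop the file-type marker
        if (substr(flags, 2, 1) == "M")
            print "mode " path
        if (substr(flags, 3, 1) == "5")
            print ((marker == "c") ? "config-hash " : "hash ") path
    }'
}

# Constructed sample of `rpm -Va` output (paths are illustrative only).
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.M.......    /usr/bin/passwd
..5....T.    /usr/sbin/sshd
missing      /usr/share/doc/example/README
SM5....T.    /opt/example/bin/tool with space
EOF
}

# On a real system: rpm -Va | triage_rpm_verify
sample_rpm_va | triage_rpm_verify
```

Lines reported as "hash" are the ones to investigate first; "config-hash" entries are configuration files, which may be expected to change, and "mode" entries are candidates for rpm --setperms.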
# /etc/init.d/nails status

# cd /opt/NAI/LinuxShield/engine/dat
# ls -la avvscan.dat avvnames.dat avvclean.dat

# grep uvscan /etc/cron* /var/spool/cron/*

This will reveal if and when the uvscan program will be run. To verify the McAfee VSEL system service is operational, run the following command:

# /etc/init.d/nails status

# cd /usr/local/uvscan
# cd /opt/NAI/LinuxShield/engine/dat
# ls -la avvscan.dat avvnames.dat avvclean.dat