Skip to content

Quck demo of Advanced Intrusion Detection Environment (AIDE)

Notifications You must be signed in to change notification settings

marktonneson/demo-aide

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

demo-aide

Quick demo of Advanced Intrusion Detection Environment (AIDE)

Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions.

Installation and Configuration

To install the aide package, enter the following command as root:

      # yum install aide

To generate an initial database, enter the following command as root. To start using the database, remove the .new substring from the initial database file name

      # aide --init
      # mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

To initiate a manual check, enter the following command as root:

      # aide --check

After the changes of your system such as package updates or configuration files adjustments are verified, update your baseline AIDE database:

      # aide --update && mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

At a minimum, AIDE should be configured to run a weekly scan. At most, AIDE should be run daily. For example, to schedule a daily execution of AIDE at 4:05 am using cron, add the following line to /etc/crontab:

      05 4 * * * root /usr/sbin/aide --check

In the default configuration, the aide --init command checks just a set of directories and files defined in the /etc/aide.conf file. To include additional directories or files in the AIDE database, and to change their watched parameters, edit /etc/aide.conf accordingly

To change the location of the AIDE database, edit the /etc/aide.conf file and modify the DBDIR value. For additional security, store the database, configuration, and the /usr/sbin/aide binary file in a secure location such as a read-only media.

Important: To avoid SELinux denials after the AIDE database location change, update your SELinux policy accordingly.

References and Resources

About

Quck demo of Advanced Intrusion Detection Environment (AIDE)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages