1. Install AIDE package on CentOS/RHEL:
# yum install -y aide
2. Review the AIDE configuration file and adjust it to your needs (which directories are monitored and which attributes and hashes are recorded):
# vim /etc/aide.conf
3. Initialize the AIDE database. AIDE scans every file under the directories included in the config file and stores their hashes together with attribute information (owner, permissions, size, timestamps). Do this on a system you know to be clean, otherwise the baseline itself is untrustworthy.
4. Consider keeping a golden copy of the AIDE database (the default path is /var/lib/aide/aide.db.gz) in a secure, read-only location. That lets you compare the current system integrity against the golden copy even if the live database has been tampered with.
To check what changed run:
# aide -C
If you get the error "Couldn't open file /var/lib/aide/aide.db.gz for reading", you need to move the database generated in step 3 to that location:
# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
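Steps 1 to 4 put together as one script, added here as an example; it is not code from the original post or from the linked article. The paths under /var/lib/aide are the CentOS/RHEL defaults the post refers to; the golden-copy directory /root/aide-golden and the --run flag are assumptions for this example. The exit-code mapping follows aide(1): exit status bit 1 means new files, bit 2 removed files, bit 3 (value 4) changed files, and 14 and above are runtime errors.

```bash
#!/bin/bash
# Added example (not from the original post): the AIDE bootstrap, golden-copy
# and check workflow in one place. /root/aide-golden and "--run" are assumptions.
set -eu

AIDE_DB=/var/lib/aide/aide.db.gz          # what 'aide --check' reads (default)
AIDE_DB_NEW=/var/lib/aide/aide.db.new.gz  # what 'aide --init' writes (default)
GOLDEN_DIR=/root/aide-golden              # assumed read-only location for the golden copy

# Step 3, plus the fix for "Couldn't open file ... for reading": build the
# database and move it to the path the check expects.
aide_init() {
    aide --init
    mv -f "$AIDE_DB_NEW" "$AIDE_DB"
}

# Step 4: keep a golden copy with its own checksum in a directory nobody can write to.
aide_save_golden() {
    mkdir -p "$GOLDEN_DIR"
    cp "$AIDE_DB" "$GOLDEN_DIR/aide.db.gz"
    sha256sum "$GOLDEN_DIR/aide.db.gz" > "$GOLDEN_DIR/aide.db.gz.sha256"
    chmod 0400 "$GOLDEN_DIR"/aide.db.gz*
    chmod 0500 "$GOLDEN_DIR"
    # Make the files immutable where the filesystem supports it; ignore otherwise.
    chattr +i "$GOLDEN_DIR"/aide.db.gz* 2>/dev/null || true
}

# Before trusting the baseline, make sure the golden copy itself is intact.
aide_verify_golden() {
    (cd "$GOLDEN_DIR" && sha256sum -c --quiet aide.db.gz.sha256)
}

# Translate the exit status of 'aide --check' into words.
# Bit 1 = new files, bit 2 = removed files, bit 3 = changed files, so 5 means
# "new and changed"; 14 and above are AIDE runtime errors, not findings.
describe_aide_exit() {
    code=$1
    if [ "$code" -eq 0 ]; then echo "no changes"; return 0; fi
    if [ "$code" -ge 14 ]; then echo "aide error (exit $code)"; return 0; fi
    out=""
    if [ $((code & 1)) -ne 0 ]; then out="${out}new "; fi
    if [ $((code & 2)) -ne 0 ]; then out="${out}removed "; fi
    if [ $((code & 4)) -ne 0 ]; then out="${out}changed "; fi
    echo "${out% }"
}

# Run the check against the verified golden copy rather than the live database,
# so a tampered /var/lib/aide/aide.db.gz is not trusted.
aide_check() {
    aide_verify_golden
    cp -f "$GOLDEN_DIR/aide.db.gz" "$AIDE_DB"
    set +e
    aide --check
    rc=$?
    set -e
    echo "aide result: $(describe_aide_exit "$rc")"
    return "$rc"
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    aide_init
    aide_save_golden
    aide_check
fi
```

Run it as root once with `--run` right after installing and configuring AIDE; on later runs call `aide_check` alone (for instance from cron) and alert on any non-zero exit, treating 14 and above as a broken run rather than as a finding.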
In this article, I completely followed the instructions in: http://sysadmin-notepad.blogspot.com/2013/07/intrusion-detection-tools-on-linux-aide.html
Thank you :)
Thank you for reading this article; please leave a comment if you are interested.
Tiến Phan - R0039
Knowledge is Endless
Sharing for Success