Intrusion detection tools on Linux

AIDE is an opensource file integrity check tool. It can help you verifying files integrity in an easy way.

1. Install AIDE package on CentOS/RHEL:

# yum install -y aide

2. Check and adjust aide configuration file to fulfill your needs:

# vim /etc/aide.conf

3. Initialize AIDE database - it will scan all the files in folders that were included in the config file and save their hash as well as attributes info

4. You may consider keeping golden copy of AIDE database (default is set to /var/lib/aide/aide.db.gz) is secure and read-only location. It will allow you to compare current system integrity to the golden copy.
To check what changed run:

# aide -C

If you get "Couldn't open file /var/lib/aide/aide.db.gz for reading" error it means you need to move database generated in step 3 to this location:

# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

In this article, I am totally follow in his instruction: http://sysadmin-notepad.blogspot.com/2013/07/intrusion-detection-tools-on-linux-aide.html

Thank you :)

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

...

I'm Tien. I love to write, share my knowledge, help others and also learn from others as I believe everyone has something which can be learned. You can reach me at 4flancake at gmail dot com

Intrusion detection tools on Linux - AIDE

0 nhận xét:

Post a Comment

Pages

Contact Me

Popular Posts

Categories

Blog Archive