CentOS 8.x Basic AIDE setup and usage

From Notes_Wiki
Revision as of 17:12, 15 May 2022 by Saurabh (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Home > CentOS > CentOS 8.x > CentOS 8.x Security tools > CentOS 8.x AIDE > CentOS 8.x Basic AIDE setup and usage

Install AIDE

To install AIDE use:

dnf -y install aide


Configure AIDE

To configure AIDE edit /etc/aide.conf file appropriately. Have a look at Configuring basic AIDE server to under configuration file syntax. Ideally add interesting directories using:

/home/user1  DIR


Initialize database

To initialize database use:

aide --init


Check and update output database

To check the files against current DB and update output database use:

aide --update

There is also verbosity option -V with parameters from 0 to 255. 20 seems to have reasonable output.

Note that this only updates output database and not the main database against which checking is done. Later if you want to update current database use:

yes | cp  /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz


Getting report via cron

To get reports via cron and automatically update database use below cron script:

#!/bin/bash
/usr/bin/time /usr/sbin/aide --update -V20 2>&1 | mailx -s "Changed Aide Data" root@localhost
yes | cp  /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Use time slot judiciously as checking all files may take time and slow down the system

This assumes someone can check root@localhost email (Eg appropriate alias is set in /etc/aliases for root)

Example crontab entry:

15 0 * * *   	  /root/scripts/check_aide.sh



Refer:


Home > CentOS > CentOS 8.x > CentOS 8.x Security tools > CentOS 8.x AIDE > CentOS 8.x Basic AIDE setup and usage