<yambe:breadcrumb self="Basic AIDE setup and usage">CentOS 8.x AIDE|AIDE</yambe:breadcrumb>

CentOS 8.x Basic AIDE setup and usage

Install AIDE

To install AIDE use:

dnf -y install aide

Configure AIDE

To configure AIDE edit /etc/aide.conf file appropriately. Have a look at Configuring basic AIDE server to under configuration file syntax. Ideally add interesting directories using:

/home/user1  DIR

Initialize database

To initialize database use:

aide --init

Check and update output database

To check the files against current DB and update output database use:

aide --update

There is also verbosity option -V with parameters from 0 to 255. 20 seems to have reasonable output.

Note that this only updates output database and not the main database against which checking is done. Later if you want to update current database use:

yes | cp  /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Getting report via cron

To get reports via cron and automatically update database use below cron script:

#!/bin/bash
/usr/bin/time /usr/sbin/aide --update -V20 2>&1 | mailx -s "Changed Aide Data" root@localhost
yes | cp  /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Use time slot judiciously as checking all files may take time and slow down the system

This assumes someone can check root@localhost email (Eg appropriate alias is set in /etc/aliases for root)

Example crontab entry:

15 0 * * *   	  /root/scripts/check_aide.sh

Refer:

• https://computingforgeeks.com/how-to-install-and-configure-aide-host-based-ids-on-rhel-8-centos-8/

<yambe:breadcrumb self="Basic AIDE setup and usage">CentOS 8.x AIDE|AIDE</yambe:breadcrumb>