Difference between revisions of "CentOS 8.x Basic AIDE setup and usage"
(Created page with "<yambe:breadcrumb self="Basic AIDE setup and usage">CentOS 8.x AIDE|AIDE</yambe:breadcrumb> =CentOS 8.x Basic AIDE setup and usage= ==Install AIDE== To install AIDE use: <pre...") |
m |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x Security tools]] > [[CentOS 8.x AIDE]] > [[CentOS 8.x Basic AIDE setup and usage]] | |||
==Install AIDE== | ==Install AIDE== | ||
| Line 42: | Line 41: | ||
<pre> | <pre> | ||
#!/bin/bash | #!/bin/bash | ||
/usr/bin/time aide --update -V20 | mailx -s "Changed Aide Data" root@localhost | /usr/bin/time /usr/sbin/aide --update -V20 2>&1 | mailx -s "Changed Aide Data" root@localhost | ||
yes | cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz | yes | cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz | ||
</pre> | </pre> | ||
| Line 48: | Line 47: | ||
This assumes someone can check root@localhost email (Eg appropriate alias is set in /etc/aliases for root) | This assumes someone can check root@localhost email (Eg appropriate alias is set in /etc/aliases for root) | ||
Example crontab entry: | |||
<pre> | |||
15 0 * * * /root/scripts/check_aide.sh | |||
</pre> | |||
| Line 56: | Line 61: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x Security tools]] > [[CentOS 8.x AIDE]] > [[CentOS 8.x Basic AIDE setup and usage]] | |||
Latest revision as of 17:12, 15 May 2022
Home > CentOS > CentOS 8.x > CentOS 8.x Security tools > CentOS 8.x AIDE > CentOS 8.x Basic AIDE setup and usage
Install AIDE
To install AIDE use:
dnf -y install aide
Configure AIDE
To configure AIDE edit /etc/aide.conf file appropriately. Have a look at Configuring basic AIDE server to under configuration file syntax. Ideally add interesting directories using:
/home/user1 DIR
Initialize database
To initialize database use:
aide --init
Check and update output database
To check the files against current DB and update output database use:
aide --update
There is also verbosity option -V with parameters from 0 to 255. 20 seems to have reasonable output.
Note that this only updates output database and not the main database against which checking is done. Later if you want to update current database use:
yes | cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
Getting report via cron
To get reports via cron and automatically update database use below cron script:
#!/bin/bash /usr/bin/time /usr/sbin/aide --update -V20 2>&1 | mailx -s "Changed Aide Data" root@localhost yes | cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
Use time slot judiciously as checking all files may take time and slow down the system
This assumes someone can check root@localhost email (Eg appropriate alias is set in /etc/aliases for root)
Example crontab entry:
15 0 * * * /root/scripts/check_aide.sh
Refer:
Home > CentOS > CentOS 8.x > CentOS 8.x Security tools > CentOS 8.x AIDE > CentOS 8.x Basic AIDE setup and usage
