Home > Others

Configuring a host-based intrusion detection system (IDS) on CentOS6.5

Source: Internet
Author: User
Tags add time unsupported gstreamer
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Project background:

AIDE ("Advanced Intrusion Detection Environment" abbreviation) is an open source host-based intrusion detection system. Aide checks the integrity of the system binaries and basic configuration files by examining the inconsistency of a large number of file attributes, including permissions, file types, index nodes, links, link names, users, groups, file size, block count, modification time, add time, creation time, ACL, Various features, including the SELinux security context, Xattrs, and Md5/sha checksum values.

Aide builds a file property database by scanning a file system of a (unmodified) Linux server, then proofreading the server file properties against the database, and then warns the modified indexed files when the server is running. For this reason, aide must re-index the protected file after the system has been updated or its configuration file has been legitimately modified.




Lab Environment:

VMware Workstation 11

Under the centos6.5 system

Server: ip:192.168.0.57

Aide-0.14-7.el6.x86_64

SECURECRT (SSH remote connection software)





Usually we need a clean environment on the newly installed system!

Experimental process

First, the software download

[email protected] ~]# Yum install aide-y

Second, the software downloaded successfully after the network shutdown

[[Email protected] ~]# service network stop

Third, aide database initialization

[email protected] desktop]# aide--init


AIDE, version 0.14


# # # AIDE Database at/var/lib/aide/aide.db.new.gz initialized.

Four, the database file rename, otherwise the words aide can't read out

[Email protected] desktop]# mv/var/lib/aide/aide.db.new.gz/var/lib/aide/aide.db.gz

V. Software inspection

Enter aide directly at the command line (input will wait a long time ~ ~ ~)

[email protected] desktop]# Aide

AIDE found differences between database and filesystem!!

Start timestamp:2016-03-22 03:09:05


Summary:

Total number of files:85618

Added files:0

Removed files:0

Changed files:39



---------------------------------------------------

Changed files:

---------------------------------------------------


Changed:/usr/sbin

Changed:/usr/libexec

Changed:/usr/libexec/openssh

Changed:/usr/libexec/gnome-screensaver

Changed:/usr/libexec/awk

Changed:/usr/libexec/gcc/x86_64-redhat-linux/4.4.4

Changed:/usr/libexec/gnome-applets

Changed:/usr/libexec/gstreamer-0.10

Changed:/usr/libexec/file-roller

Changed:/usr/libexec/polkit-1

Changed:/usr/libexec/utempter

Changed:/usr/libexec/pulse

Changed:/usr/libexec/getconf

Changed:/USR/LIBEXEC/WEBKITGTK

Changed:/usr/lib/cups/driver

Changed:/usr/lib/cups/filter

Changed:/usr/lib64

Changed:/usr/lib64/nspluginwrapper

Changed:/USR/LIB64/VTE

Changed:/usr/lib64/firefox

Changed:/usr/lib64/seahorse

Changed:/usr/lib64/pm-utils/bin

Changed:/usr/lib64/udev

Changed:/usr/lib64/gnome-session/helpers

Changed:/usr/lib64/nss/unsupported-tools

Changed:/usr/lib64/libv4l

Changed:/usr/lib64/libgphoto2

Changed:/USR/LIB64/FESTIVAL/ETC

Changed:/usr/lib64/perl5/core

Changed:/usr/lib64/sa

Changed:/usr/lib64/xulrunner

Changed:/usr/lib64/gthumb

Changed:/usr/lib64/hal/scripts

Changed:/usr/bin

Changed:/lib/udev

Changed:/lib64

Changed:/lib64/dbus-1

Changed:/bin

Changed:/sbin


--------------------------------------------------

Detailed information about changes:

---------------------------------------------------



Directory:/usr/sbin

Mtime:2016-03-22 02:44:18, 2016-03-22 02:57:45

Ctime:2016-03-22 02:44:18, 2016-03-22 02:57:45


Directory:/usr/libexec

Mtime:2016-03-22 02:44:34, 2016-03-22 02:58:06

Ctime:2016-03-22 02:44:34, 2016-03-22 02:58:06


Directory:/usr/libexec/openssh

Mtime:2016-03-22 02:44:35, 2016-03-22 02:58:06

Ctime:2016-03-22 02:44:35, 2016-03-22 02:58:06


Directory:/usr/libexec/gnome-screensaver

Mtime:2016-03-22 02:44:35, 2016-03-22 02:58:07

Ctime:2016-03-22 02:44:35, 2016-03-22 02:58:07


Directory:/usr/libexec/awk

Mtime:2016-03-22 02:44:35, 2016-03-22 02:58:07

Ctime:2016-03-22 02:44:35, 2016-03-22 02:58:07


Directory:/usr/libexec/gcc/x86_64-redhat-linux/4.4.4

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/gnome-applets

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/gstreamer-0.10

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/file-roller

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/polkit-1

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/utempter

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/pulse

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:09

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:09


Directory:/usr/libexec/getconf

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:09

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:09


Directory:/USR/LIBEXEC/WEBKITGTK

Mtime:2016-03-22 02:44:38, 2016-03-22 02:58:10

Ctime:2016-03-22 02:44:38, 2016-03-22 02:58:10


Directory:/usr/lib/cups/driver

Mtime:2016-03-22 02:44:38, 2016-03-22 02:58:11

Ctime:2016-03-22 02:44:38, 2016-03-22 02:58:11


Directory:/usr/lib/cups/filter

Mtime:2016-03-22 02:44:39, 2016-03-22 02:58:12

Ctime:2016-03-22 02:44:39, 2016-03-22 02:58:12


Directory:/usr/lib64

Mtime:2016-03-22 02:45:51, 2016-03-22 02:59:15

Ctime:2016-03-22 02:45:51, 2016-03-22 02:59:15


Directory:/usr/lib64/nspluginwrapper

Mtime:2016-03-22 02:45:52, 2016-03-22 02:59:16

Ctime:2016-03-22 02:45:52, 2016-03-22 02:59:16


Directory:/usr/lib64/vte

Mtime:2016-03-22 02:46:05, 2016-03-22 02:59:31

Ctime:2016-03-22 02:46:05, 2016-03-22 02:59:31


Directory:/usr/lib64/firefox

Mtime:2016-03-22 02:46:10, 2016-03-22 02:59:36

Ctime:2016-03-22 02:46:10, 2016-03-22 02:59:36


Directory:/usr/lib64/seahorse

Mtime:2016-03-22 02:46:12, 2016-03-22 02:59:39

Ctime:2016-03-22 02:46:12, 2016-03-22 02:59:39


Directory:/usr/lib64/pm-utils/bin

Mtime:2016-03-22 02:46:12, 2016-03-22 02:59:39

Ctime:2016-03-22 02:46:12, 2016-03-22 02:59:39


Directory:/usr/lib64/udev

Mtime:2016-03-22 02:46:12, 2016-03-22 02:59:39

Ctime:2016-03-22 02:46:12, 2016-03-22 02:59:39


Directory:/usr/lib64/gnome-session/helpers

Mtime:2016-03-22 02:46:13, 2016-03-22 02:59:40

Ctime:2016-03-22 02:46:13, 2016-03-22 02:59:40


Directory:/usr/lib64/nss/unsupported-tools

Mtime:2016-03-22 02:46:14, 2016-03-22 02:59:41

Ctime:2016-03-22 02:46:14, 2016-03-22 02:59:41


Directory:/usr/lib64/libv4l

Mtime:2016-03-22 02:46:15, 2016-03-22 02:59:42

Ctime:2016-03-22 02:46:15, 2016-03-22 02:59:42


Directory:/usr/lib64/libgphoto2

Mtime:2016-03-22 02:46:15, 2016-03-22 02:59:42

Ctime:2016-03-22 02:46:15, 2016-03-22 02:59:42


Directory:/usr/lib64/festival/etc

Mtime:2016-03-22 02:46:17, 2016-03-22 02:59:44

Ctime:2016-03-22 02:46:17, 2016-03-22 02:59:44


Directory:/usr/lib64/perl5/core

Mtime:2016-03-22 02:46:18, 2016-03-22 02:59:45

Ctime:2016-03-22 02:46:18, 2016-03-22 02:59:45


Directory:/usr/lib64/sa

Mtime:2016-03-22 02:46:20, 2016-03-22 02:59:47

Ctime:2016-03-22 02:46:20, 2016-03-22 02:59:47


Directory:/usr/lib64/xulrunner

Mtime:2016-03-22 02:46:27, 2016-03-22 02:59:53

Ctime:2016-03-22 02:46:27, 2016-03-22 02:59:53


Directory:/usr/lib64/gthumb

Mtime:2016-03-22 02:46:27, 2016-03-22 02:59:54

Ctime:2016-03-22 02:46:27, 2016-03-22 02:59:54


Directory:/usr/lib64/hal/scripts

Mtime:2016-03-22 02:46:27, 2016-03-22 02:59:54

Ctime:2016-03-22 02:46:27, 2016-03-22 02:59:54


Directory:/usr/bin

Mtime:2016-03-22 02:47:27, 2016-03-22 03:01:02

Ctime:2016-03-22 02:47:27, 2016-03-22 03:01:02


Directory:/lib/udev

Mtime:2016-03-22 02:54:03, 2016-03-22 03:07:19

Ctime:2016-03-22 02:54:03, 2016-03-22 03:07:19


Directory:/lib64

Mtime:2016-03-22 02:54:09, 2016-03-22 03:07:25

Ctime:2016-03-22 02:54:09, 2016-03-22 03:07:25


Directory:/lib64/dbus-1

Mtime:2016-03-22 02:54:10, 2016-03-22 03:07:26

Ctime:2016-03-22 02:54:10, 2016-03-22 03:07:26


Directory:/bin

Mtime:2016-03-22 02:54:13, 2016-03-22 03:07:30

Ctime:2016-03-22 02:54:13, 2016-03-22 03:07:30


Directory:/sbin

Mtime:2016-03-22 02:54:20, 2016-03-22 03:07:36

Ctime:2016-03-22 02:54:20, 2016-03-22 03:07:36


You can see that there will be a lot of output!


Summary: This is an open-source intrusion detection system, I believe you in your own production environment will be used!

Knowledge is about sharing Thank you all





This article is from the "Make a few" blog, be sure to keep this source http://9399369.blog.51cto.com/9389369/1754025

Configuring a host-based intrusion detection system (IDS) on CentOS6.5

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
snort intrusion detection system perimeter intrusion detection system intrusion detection system software intrusion detection system vendors fiber optic intrusion detection system nids network intrusion detection system jacks network intrusion detection system

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More