Configuring a host-based intrusion detection system (IDS) on CentOS 6.5

Source: Internet
Author: User

Project background:

AIDE (short for "Advanced Intrusion Detection Environment") is an open-source host-based intrusion detection system. AIDE checks the integrity of system binaries and core configuration files by comparing a large number of file attributes against a known-good baseline: permissions, file type, inode number, link count, link target, owner, group, file size, block count, modification time (mtime), access time (atime) and inode change time (ctime), ACLs, the SELinux security context, extended attributes (xattrs), and MD5/SHA checksums.

AIDE builds a database of file attributes by scanning the file system of a (still unmodified) Linux server. Later checks compare the current attributes of the server's files against that database and report any indexed file that has changed while the server is running. For the same reason, AIDE must re-index the protected files after the system has been updated or a configuration file has been legitimately modified.




Lab Environment:

VMware Workstation 11

Operating system: CentOS 6.5

Server: ip:192.168.0.57

aide-0.14-7.el6.x86_64

SecureCRT (SSH remote connection software)





AIDE is normally deployed on a freshly installed system, so that the baseline is built from a clean environment!

Experimental procedure

First, install the software

# yum install aide -y

Second, after the software has been installed successfully, shut down the network

# service network stop

Third, initialize the AIDE database

# aide --init


AIDE, version 0.14


### AIDE database at /var/lib/aide/aide.db.new.gz initialized.

Fourth, rename the database file; otherwise aide cannot read it, because --init writes the new database to aide.db.new.gz while aide reads its baseline from aide.db.gz

# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Fifth, check the system

Run aide with no arguments at the command line (the check takes a long time before it prints anything ~ ~ ~)

# aide

AIDE found differences between database and filesystem!!

Start timestamp:2016-03-22 03:09:05


Summary:

Total number of files:85618

Added files:0

Removed files:0

Changed files:39



---------------------------------------------------

Changed files:

---------------------------------------------------


Changed:/usr/sbin

Changed:/usr/libexec

Changed:/usr/libexec/openssh

Changed:/usr/libexec/gnome-screensaver

Changed:/usr/libexec/awk

Changed:/usr/libexec/gcc/x86_64-redhat-linux/4.4.4

Changed:/usr/libexec/gnome-applets

Changed:/usr/libexec/gstreamer-0.10

Changed:/usr/libexec/file-roller

Changed:/usr/libexec/polkit-1

Changed:/usr/libexec/utempter

Changed:/usr/libexec/pulse

Changed:/usr/libexec/getconf

Changed:/usr/libexec/webkitgtk

Changed:/usr/lib/cups/driver

Changed:/usr/lib/cups/filter

Changed:/usr/lib64

Changed:/usr/lib64/nspluginwrapper

Changed:/usr/lib64/vte

Changed:/usr/lib64/firefox

Changed:/usr/lib64/seahorse

Changed:/usr/lib64/pm-utils/bin

Changed:/usr/lib64/udev

Changed:/usr/lib64/gnome-session/helpers

Changed:/usr/lib64/nss/unsupported-tools

Changed:/usr/lib64/libv4l

Changed:/usr/lib64/libgphoto2

Changed:/usr/lib64/festival/etc

Changed:/usr/lib64/perl5/core

Changed:/usr/lib64/sa

Changed:/usr/lib64/xulrunner

Changed:/usr/lib64/gthumb

Changed:/usr/lib64/hal/scripts

Changed:/usr/bin

Changed:/lib/udev

Changed:/lib64

Changed:/lib64/dbus-1

Changed:/bin

Changed:/sbin


--------------------------------------------------

Detailed information about changes:

---------------------------------------------------



Directory:/usr/sbin

Mtime:2016-03-22 02:44:18, 2016-03-22 02:57:45

Ctime:2016-03-22 02:44:18, 2016-03-22 02:57:45


Directory:/usr/libexec

Mtime:2016-03-22 02:44:34, 2016-03-22 02:58:06

Ctime:2016-03-22 02:44:34, 2016-03-22 02:58:06


Directory:/usr/libexec/openssh

Mtime:2016-03-22 02:44:35, 2016-03-22 02:58:06

Ctime:2016-03-22 02:44:35, 2016-03-22 02:58:06


Directory:/usr/libexec/gnome-screensaver

Mtime:2016-03-22 02:44:35, 2016-03-22 02:58:07

Ctime:2016-03-22 02:44:35, 2016-03-22 02:58:07


Directory:/usr/libexec/awk

Mtime:2016-03-22 02:44:35, 2016-03-22 02:58:07

Ctime:2016-03-22 02:44:35, 2016-03-22 02:58:07


Directory:/usr/libexec/gcc/x86_64-redhat-linux/4.4.4

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/gnome-applets

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/gstreamer-0.10

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/file-roller

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/polkit-1

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/utempter

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:08

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:08


Directory:/usr/libexec/pulse

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:09

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:09


Directory:/usr/libexec/getconf

Mtime:2016-03-22 02:44:36, 2016-03-22 02:58:09

Ctime:2016-03-22 02:44:36, 2016-03-22 02:58:09


Directory:/usr/libexec/webkitgtk

Mtime:2016-03-22 02:44:38, 2016-03-22 02:58:10

Ctime:2016-03-22 02:44:38, 2016-03-22 02:58:10


Directory:/usr/lib/cups/driver

Mtime:2016-03-22 02:44:38, 2016-03-22 02:58:11

Ctime:2016-03-22 02:44:38, 2016-03-22 02:58:11


Directory:/usr/lib/cups/filter

Mtime:2016-03-22 02:44:39, 2016-03-22 02:58:12

Ctime:2016-03-22 02:44:39, 2016-03-22 02:58:12


Directory:/usr/lib64

Mtime:2016-03-22 02:45:51, 2016-03-22 02:59:15

Ctime:2016-03-22 02:45:51, 2016-03-22 02:59:15


Directory:/usr/lib64/nspluginwrapper

Mtime:2016-03-22 02:45:52, 2016-03-22 02:59:16

Ctime:2016-03-22 02:45:52, 2016-03-22 02:59:16


Directory:/usr/lib64/vte

Mtime:2016-03-22 02:46:05, 2016-03-22 02:59:31

Ctime:2016-03-22 02:46:05, 2016-03-22 02:59:31


Directory:/usr/lib64/firefox

Mtime:2016-03-22 02:46:10, 2016-03-22 02:59:36

Ctime:2016-03-22 02:46:10, 2016-03-22 02:59:36


Directory:/usr/lib64/seahorse

Mtime:2016-03-22 02:46:12, 2016-03-22 02:59:39

Ctime:2016-03-22 02:46:12, 2016-03-22 02:59:39


Directory:/usr/lib64/pm-utils/bin

Mtime:2016-03-22 02:46:12, 2016-03-22 02:59:39

Ctime:2016-03-22 02:46:12, 2016-03-22 02:59:39


Directory:/usr/lib64/udev

Mtime:2016-03-22 02:46:12, 2016-03-22 02:59:39

Ctime:2016-03-22 02:46:12, 2016-03-22 02:59:39


Directory:/usr/lib64/gnome-session/helpers

Mtime:2016-03-22 02:46:13, 2016-03-22 02:59:40

Ctime:2016-03-22 02:46:13, 2016-03-22 02:59:40


Directory:/usr/lib64/nss/unsupported-tools

Mtime:2016-03-22 02:46:14, 2016-03-22 02:59:41

Ctime:2016-03-22 02:46:14, 2016-03-22 02:59:41


Directory:/usr/lib64/libv4l

Mtime:2016-03-22 02:46:15, 2016-03-22 02:59:42

Ctime:2016-03-22 02:46:15, 2016-03-22 02:59:42


Directory:/usr/lib64/libgphoto2

Mtime:2016-03-22 02:46:15, 2016-03-22 02:59:42

Ctime:2016-03-22 02:46:15, 2016-03-22 02:59:42


Directory:/usr/lib64/festival/etc

Mtime:2016-03-22 02:46:17, 2016-03-22 02:59:44

Ctime:2016-03-22 02:46:17, 2016-03-22 02:59:44


Directory:/usr/lib64/perl5/core

Mtime:2016-03-22 02:46:18, 2016-03-22 02:59:45

Ctime:2016-03-22 02:46:18, 2016-03-22 02:59:45


Directory:/usr/lib64/sa

Mtime:2016-03-22 02:46:20, 2016-03-22 02:59:47

Ctime:2016-03-22 02:46:20, 2016-03-22 02:59:47


Directory:/usr/lib64/xulrunner

Mtime:2016-03-22 02:46:27, 2016-03-22 02:59:53

Ctime:2016-03-22 02:46:27, 2016-03-22 02:59:53


Directory:/usr/lib64/gthumb

Mtime:2016-03-22 02:46:27, 2016-03-22 02:59:54

Ctime:2016-03-22 02:46:27, 2016-03-22 02:59:54


Directory:/usr/lib64/hal/scripts

Mtime:2016-03-22 02:46:27, 2016-03-22 02:59:54

Ctime:2016-03-22 02:46:27, 2016-03-22 02:59:54


Directory:/usr/bin

Mtime:2016-03-22 02:47:27, 2016-03-22 03:01:02

Ctime:2016-03-22 02:47:27, 2016-03-22 03:01:02


Directory:/lib/udev

Mtime:2016-03-22 02:54:03, 2016-03-22 03:07:19

Ctime:2016-03-22 02:54:03, 2016-03-22 03:07:19


Directory:/lib64

Mtime:2016-03-22 02:54:09, 2016-03-22 03:07:25

Ctime:2016-03-22 02:54:09, 2016-03-22 03:07:25


Directory:/lib64/dbus-1

Mtime:2016-03-22 02:54:10, 2016-03-22 03:07:26

Ctime:2016-03-22 02:54:10, 2016-03-22 03:07:26


Directory:/bin

Mtime:2016-03-22 02:54:13, 2016-03-22 03:07:30

Ctime:2016-03-22 02:54:13, 2016-03-22 03:07:30


Directory:/sbin

Mtime:2016-03-22 02:54:20, 2016-03-22 03:07:36

Ctime:2016-03-22 02:54:20, 2016-03-22 03:07:36


As you can see, a single check produces a lot of output!
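The five steps above, collected into reusable shell functions as an added example (this is not code from the original post): the init/rename, the check, the re-index after a legitimate change, and a parser for the "Summary:" block of the report format aide 0.14 prints above, so a cron job can alert only when something actually changed. The report path under /var/log/aide/ is an assumption; the database paths are the AIDE 0.14 defaults used in the walkthrough.

```shell
#!/bin/sh
# Added example, not from the original post: wraps the AIDE 0.14 steps shown
# above into functions and parses a saved check report so a cron job can
# alert only when the summary reports added, removed or changed files.
# Paths are the AIDE 0.14 defaults on CentOS 6 (aide writes aide.db.new.gz
# and reads aide.db.gz); the first three functions need aide installed.
set -u
AIDE_DIR=/var/lib/aide

# Build the baseline on the still-clean host, then promote it to the name
# aide reads from (the "mv" step of the walkthrough).
aide_init() {
    aide --init && mv -f "$AIDE_DIR/aide.db.new.gz" "$AIDE_DIR/aide.db.gz"
}

# Run a check and keep the full report. aide exits nonzero when it finds
# differences, so its exit status is ignored here and the saved report is
# judged with aide_report_clean instead. Prints the report path.
aide_check() {
    report="${1:-/var/log/aide/aide-$(date +%Y%m%d).log}"   # assumed path
    mkdir -p "$(dirname "$report")"
    aide --check >"$report" 2>&1 || :
    echo "$report"
}

# After a legitimate change (yum update, config edit) re-index and promote
# the new database, or every later check keeps reporting the same files.
aide_update() {
    aide --update
    mv -f "$AIDE_DIR/aide.db.new.gz" "$AIDE_DIR/aide.db.gz"
}

# Parse only the "Summary:" block of a report (it ends at the first dashed
# line, before the "Changed files:" section header) and print
# "added removed changed" as three integers.
aide_summary_counts() {
    awk -F: '
        /^Summary:/               { insum = 1 }
        /^---/                    { insum = 0 }
        insum && /Added files:/   { a = $2 + 0 }
        insum && /Removed files:/ { r = $2 + 0 }
        insum && /Changed files:/ { c = $2 + 0 }
        END { printf "%d %d %d\n", a, r, c }
    ' "$1"
}

# Succeeds only when the report shows no differences at all.
aide_report_clean() {
    set -- $(aide_summary_counts "$1")
    [ "$1" -eq 0 ] && [ "$2" -eq 0 ] && [ "$3" -eq 0 ]
}
```

A check run immediately after the init should be clean; the 39 changed directories above mean something wrote into the system directories between the init and the check, and on CentOS 6 a common cause is the prelink cron job, which is best disabled (PRELINKING=no in /etc/sysconfig/prelink) before the baseline is built.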


Summary: AIDE is an open-source intrusion detection system, and I believe you will use it in your own production environment!

Knowledge is for sharing. Thank you all.





This article comes from the "Make a few" blog; please keep this source when reposting: http://9399369.blog.51cto.com/9389369/1754025
