AIDE (Advanced Intrusion Detection Environment) is a program for checking the integrity of files and directories, developed as a substitute for Tripwire.
How AIDE Works
This tool is not new, and compared with the similar tool Tripwire it is easier to operate. It takes a snapshot of the system, recording hash values, modification times, and the administrator's preprocessing of the files. From this snapshot the administrator builds a database and stores it on an external device for safekeeping.
When an administrator wants to perform an integrity check on the system, the administrator places the previously built database in a location that the current system can access, then uses AIDE to compare the current system's state with the database; the changes found on the current system are finally reported to the administrator. In addition, AIDE can be configured to run regularly, using a scheduler such as cron, to report on the system daily.
AIDE is mainly used for security detection in operations and maintenance; it reports to the administrator all the malicious changes in the system.
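The snapshot-then-compare workflow described above, as an added Python sketch that is not AIDE's code and not part of the original article. It records SHA-256, permissions, owner, size and mtime per file, stores the baseline as JSON (an assumed format, not AIDE's database format), and reports added, removed and changed files; all function names are hypothetical.

```python
import hashlib, json, os, stat, sys

ATTRS = ("sha256", "mode", "uid", "gid", "size", "mtime")  # subset of what AIDE checks

def snapshot(root):
    """Record the attributes of every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # this sketch skips symlinks and special files
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            db[os.path.relpath(path, root)] = {
                "sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid,
                "size": st.st_size, "mtime": st.st_mtime_ns}
    return db

def save_db(db, path):
    """Write the baseline; keep this file on external or read-only media."""
    with open(path, "w") as fh:
        json.dump(db, fh, sort_keys=True)

def load_db(path):
    with open(path) as fh:
        return json.load(fh)

def compare(baseline, current):
    """Return (added, removed, changed); changed maps path -> differing attrs."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diff = [a for a in ATTRS if baseline[path][a] != current[path][a]]
        if diff:
            changed[path] = diff
    return added, removed, changed

if __name__ == "__main__":  # usage: script.py init|check ROOT DBFILE
    mode, root, dbfile = sys.argv[1:4]
    if mode == "init":
        save_db(snapshot(root), dbfile)
    else:
        report = compare(load_db(dbfile), snapshot(root))
        print(json.dumps(dict(zip(("added", "removed", "changed"), report)), indent=2))
        sys.exit(1 if any(report) else 0)  # non-zero exit lets a cron job alert
```

A baseline that lives on the monitored host can be rewritten by whoever changed the files, which is why the database is kept on an external device and only made accessible for the check.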
Characteristics of AIDE
Supported message digest algorithms: MD5, SHA1, RMD160, Tiger, CRC32, SHA256, SHA512, Whirlpool
Supported file attributes: file type, file permissions, inode, uid, gid, link name, file size, block size, number of links, mtime, ctime, atime
Support for POSIX ACL, SELinux, XAttrs and extended file system attributes
Plain text configuration file, compact database
Powerful regular expression support for easily filtering the files and directories to monitor
Support for gzip database compression
Stand-alone, statically compiled binary for client/server monitoring configurations
This article is from the "Sanr" blog; please keep this source link: http://0x007.blog.51cto.com/6330498/1699033