File System Detection Tool aide

AIDE (Advanced intrusion Detection Environment) is a program for checking the integrity of files and directories and is developed as a substitute for tripwire.

How aide Works

This tool is not too young, Tripwire said, it is easier to operate than the same tool. It needs to take a snapshot of the system, record the hash value, the modification time, and the administrator's preprocessing of the file. This snapshot allows the administrator to set up a database and store it on an external device for safekeeping.
When an administrator wants to perform an integrity check on the system, the administrator places the previously built database in a region that the current system can access, then compares the current system's state to the database with aide, and finally reports the changes to the current system to the administrator. In addition, the aide can be configured to run regularly, using scheduling technology such as cron, daily test report to the system.
This system is mainly used for operation and maintenance security detection, aide will report to the administrator all the malicious changes in the system.

Characteristics of Aide

Support Message digest algorithm: MD5, SHA1, rmd160, Tiger, CRC32, sha256, sha512, whirlpool

Support file properties: File type, file permissions, index node, uid,gid, link name, file size, block size, number of links, Mtime,ctime,atime

Support for POSIX acl,selinux,xattrs, extended file System Properties

Plain text configuration file, compact database

Powerful regular expression for easy filtering of files and directories to monitor

Support for GZIP database compression

Standalone binary statically compiled client/server monitoring configuration

This article is from the "Sanr" blog, make sure to keep this source http://0x007.blog.51cto.com/6330498/1699033

File System Detection Tool aide