AIDE (Advanced Intrusion Detection Environment) is an intrusion detection tool. It works mainly by comparing the system against a previously recorded "image" (snapshot) of it, so that whatever was done in the meantime shows up clearly. For example, if some XXX tampers with your server, or takes it over to use as a miner, then with AIDE in place the comparison shows what was done: which files the other party added, deleted, changed or looked at, so that you can change them back.
The following is the installation of AIDE:
On a CentOS system, update the yum sources and run yum install aide -y directly; installed this way, the configuration file is /etc/aide.conf;
At that time the company used Debian. In fact apt-get install aide works there, but I ran into some problems when using it (actually problems with the system and the installation package), so I installed from the downloaded packages instead;
Required packages: flex, bison, mhash, zlib;
I downloaded the mhash package here; the others are installed directly from the package sources.
    tar xzvf mhash-0.9.9.9.tar.gz    # unpack the installation package
    cd mhash-0.9.9.9/                # enter the extracted directory
    ./configure                      # run configure
    make                             # compile
    make install                     # install
OK, the mhash package is now installed; next, install the others.
    apt-get install bison
If apt-get install fails, use aptitude install bison instead;
I got an error when I used apt-get install; aptitude install bison can resolve the installation intelligently. If there is no aptitude command, installing it with apt-get install is enough;
    apt-get install flex -y
    apt-get install zlib*
Installing zlib* pulls in a lot of packages, probably 800+ MB once unpacked, so check your free disk space beforehand;
    tar xzvf aide-0.15.1.tar.gz      # unpack the downloaded aide package
    cd aide-0.15.1/                  # enter the extracted directory
    ./configure --prefix=/usr/local/aide --with-mhash    # specify the installation directory and the related package
    make                             # compile
    make install                     # install
Mine is installed under /usr/local/aide;
Create a new etc folder under /usr/local/aide/:
    mkdir /usr/local/aide/etc        # new etc folder to hold the configuration file
Go to the doc folder inside the unpacked aide-0.15.1/ package and copy the aide.conf configuration file to /usr/local/aide/etc/.
    cp aide-0.15.1/doc/aide.conf /usr/local/aide/etc/
Copy the aide executable to /bin so the command is easier to use, although this does not seem to work well; the one used here is the aide under /usr/local/aide/bin:
    cp /usr/local/aide
Configure the aide.conf file: locate the following parameters and modify them as follows:
    # location and format of the generated system image
    database=file:/usr/local/aide/aide.db.gz
    # location and format of the newly generated system image
    database_out=file:/usr/local/aide/aide.db.new.gz
Add the following at the end (these are the directories to monitor, that is, the ones the system image is generated from):
    /bin R
    /sbin R
    /usr R
    /etc R
    /tmp R
    /root R
After the configuration is complete, you can use it:
Run /usr/local/aide/bin/aide --init or /usr/local/aide/bin/aide -i to generate the system image
(It always feels so wrong, "image" ... (⊙o⊙) ...)
After that there will be an aide.db.new.gz file under /usr/local/aide/.
It needs to be renamed (in /usr/local/aide/):
    mv aide.db.new.gz aide.db.gz     # so that the new system image becomes the system image, haha ...
The aide.db.gz file is effectively a record of the system's attributes at that moment; any later change to the folders listed in the configuration file will be found.
Run /usr/local/aide/bin/aide -C    Yes, this C is uppercase!
Wait for the output and that's it; you can test it yourself;
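
An added example (not part of the original post) that wraps the init / mv / check cycle above: it pins a SHA-256 of aide.db.gz after the mv step, refuses to run a check against a baseline that no longer matches the pin, and decodes the exit status of aide -C (a bitmask: 1 new, 2 removed, 4 changed files). The function names and the pin file path are assumptions; the pin is only useful if it is kept somewhere the monitored host cannot write.

```sh
#!/bin/sh
# Added example: integrity-pinned wrapper around "aide -C".
AIDE_BIN=${AIDE_BIN:-/usr/local/aide/bin/aide}
AIDE_DB=${AIDE_DB:-/usr/local/aide/aide.db.gz}
# Assumption: hypothetical pin location; use read-only or off-host storage.
AIDE_PIN=${AIDE_PIN:-/usr/local/aide/aide.db.gz.sha256}

# Record the baseline hash right after "mv aide.db.new.gz aide.db.gz".
pin_baseline() {      # usage: pin_baseline DB PINFILE
    sha256sum "$1" | awk '{print $1}' > "$2"
}

# Succeed only if the baseline database still matches the pinned hash.
verify_baseline() {   # usage: verify_baseline DB PINFILE
    [ -r "$1" ] && [ -r "$2" ] || return 2
    [ "$(sha256sum "$1" | awk '{print $1}')" = "$(cat "$2")" ]
}

# Turn the exit status of "aide -C" into words.
decode_status() {     # usage: decode_status EXIT_CODE
    s=$1; out=""
    if [ "$s" -eq 0 ]; then echo "clean"; return 0; fi
    # 1..7 is the change bitmask; AIDE reports its own errors as 14..19.
    if [ "$s" -gt 7 ]; then echo "error"; return 0; fi
    if [ $((s & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((s & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((s & 4)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# Full cycle: verify the baseline, run the check, summarise the result.
run_check() {
    if ! verify_baseline "$AIDE_DB" "$AIDE_PIN"; then
        echo "aide: baseline does not match pinned hash, not trusting it"
        return 1
    fi
    rc=0
    "$AIDE_BIN" -C || rc=$?
    echo "aide: $(decode_status "$rc") (exit $rc)"
    [ "$rc" -eq 0 ]
}

# Run only when asked, e.g. from cron: aide-wrapper.sh --run
if [ "${1:-}" = "--run" ]; then run_check; fi
```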