1. Overview of Aide
AIDE (Advanced Intrusion Detection Environment) is an intrusion detection tool that is primarily used to check the integrity of files.

AIDE builds a database of the specified files, using /etc/aide.conf as its configuration file. The AIDE database can record various attributes of each file, including: permissions, inode number, owner (user), owning group, file size, last modification time (mtime), creation time (ctime), last access time (atime), growing size, and link count. AIDE can also use the following algorithms to generate a checksum or hash for each file: sha1, md5, rmd160, tiger.

2. AIDE deployment
# yum -y install aide

3. Configuration file: /etc/aide.conf
To make the file easier to read, strip the comment lines and blank lines:
# grep -v ^# /etc/aide.conf | grep -v ^$ > /etc/aide2.conf
# mv /etc/aide2.conf /etc/aide.conf
mv: overwrite '/etc/aide.conf'? y

4. Create a test directory and test files
# mkdir aide_test_check
# cp /etc/hosts* ./aide_test_check/

5. Customize the configuration file
@@define DBDIR /var/lib/aide                  (baseline database directory)
@@define LOGDIR /var/log/aide
database=file:@@{DBDIR}/aide.db.gz            (baseline database file)
database_out=file:@@{DBDIR}/aide.db.new.gz    (updated database file)

6. Initialize the database
# /usr/sbin/aide -c /etc/aide.conf --init
AIDE, version 0.14

### AIDE database at /var/lib/aide/aide.db.new.gz initialized.

7. Use the initialized database as the baseline database
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

8. Test that AIDE can detect file changes
# cp /etc/passwd /root/aide_test_check/
# rm -rf /root/aide_test_check/hosts
# echo hello > /root/aide_test_check/hosts.allow

Detect the file changes:
# /usr/sbin/aide -c /etc/aide.conf --check
---------------------------------------------------
Added files:
---------------------------------------------------
added: /root/aide_test_check/passwd
---------------------------------------------------
Removed files:
---------------------------------------------------
removed: /root/aide_test_check/hosts
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /root/aide_test_check
changed: /root/aide_test_check/hosts.allow

9. If the above changes are legitimate, update the baseline database
# /usr/sbin/aide -c /etc/aide.conf --update
# cd /var/lib/aide
# cp aide.db.new.gz aide.db.gz
cp: overwrite 'aide.db.gz'? y

10. Send the report by email
# /usr/sbin/aide -c /etc/aide.conf --check | mail -s "test aide" [email protected]
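The steps above (check, read the report, mail it, then promote the new database once a change has been approved) are what an operator ends up scripting for cron. The wrapper below is an added example, not code from the original article or from the AIDE project. It assumes the same paths the article uses (/usr/sbin/aide, /etc/aide.conf, DBDIR /var/lib/aide); the mail recipient is a placeholder taken from the AIDE_MAIL_TO environment variable, and the sample report embedded at the bottom is constructed to match the format of the --check output shown in step 8. The live commands only run when the script is invoked with `check` or `accept`, so the report-parsing functions can be exercised on a machine without AIDE installed.

```shell
#!/bin/sh
# Added example (not part of the original article): wrapper around the AIDE
# check / report / accept-baseline workflow described above.
# Assumptions: aide binary, config path and DBDIR as in the article;
# the mail recipient is a placeholder supplied via AIDE_MAIL_TO.
set -u

AIDE_BIN=/usr/sbin/aide
AIDE_CONF=/etc/aide.conf
DBDIR=/var/lib/aide
MAIL_TO="${AIDE_MAIL_TO:-root}"   # placeholder recipient, override via environment

# Count the added/removed/changed entries in an AIDE report read from stdin.
# Prints three numbers: "added removed changed".
count_changes() {
    awk '
        /^[Aa]dded:/   { a++ }
        /^[Rr]emoved:/ { r++ }
        /^[Cc]hanged:/ { c++ }
        END { printf "%d %d %d\n", a + 0, r + 0, c + 0 }
    '
}

# Succeed (exit 0) only when the report read from stdin lists at least one difference.
report_has_changes() {
    counts=$(count_changes)
    set -- $counts
    [ "$(($1 + $2 + $3))" -gt 0 ]
}

# Run aide --check, keep the report, and mail it only when something differs,
# so a quiet baseline does not generate daily noise.
run_check() {
    report_file=$(mktemp) || return 1
    "$AIDE_BIN" -c "$AIDE_CONF" --check > "$report_file" 2>&1
    aide_status=$?   # non-zero when aide found differences or hit an error
    if report_has_changes < "$report_file"; then
        mail -s "aide report $(hostname)" "$MAIL_TO" < "$report_file"
    fi
    cat "$report_file"
    rm -f "$report_file"
    return "$aide_status"
}

# Accept the current file state as the new baseline (the article's step 9),
# keeping a timestamped copy of the previous baseline so the change stays auditable.
accept_baseline() {
    "$AIDE_BIN" -c "$AIDE_CONF" --update
    cp -p "$DBDIR/aide.db.gz" "$DBDIR/aide.db.gz.$(date +%Y%m%d%H%M%S)" 2>/dev/null
    cp -p "$DBDIR/aide.db.new.gz" "$DBDIR/aide.db.gz"
}

# Constructed sample report in the format printed by the article's --check run.
SAMPLE_REPORT='Added files:
---------------------------------------------------
added: /root/aide_test_check/passwd
---------------------------------------------------
Removed files:
---------------------------------------------------
removed: /root/aide_test_check/hosts
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /root/aide_test_check
changed: /root/aide_test_check/hosts.allow'

case "${1:-}" in
    check)  run_check ;;
    accept) accept_baseline ;;
    demo)   printf '%s\n' "$SAMPLE_REPORT" | count_changes ;;   # prints "1 1 2"
    *)      echo "usage: $0 check|accept|demo" >&2 ;;
esac
```

Running `sh aide-wrapper.sh check` from cron reproduces step 10 but only sends mail when the report is non-empty, and its exit status is AIDE's own, so a job scheduler can flag the run. `accept` should be run by hand after the report has been reviewed, since promoting aide.db.new.gz blindly would turn any unauthorized change into the new baseline.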