Of the many methods that can be applied to http://www.aliyun.com/zixun/aggregation/13835.html ">ubuntu security", one is called File Integrity Monitoring (file integrity checking). The purpose of integrity monitoring and verification of critical system binaries and profiles is to ensure that these key files are not made unauthorized changes. Unauthorized changes to system-specific files are one of the manifestations of attack and endangerment activities on the system. File integrity monitoring is a positive way to make you aware of changes in the system's important files in a timely manner. Like most tools, there are many different applications in the GNU community that can be used to monitor and verify the integrity of your Ubuntu system files.
This guide will cover the installation, configuration, and use of some of these tools on the Ubuntu system.
Although there are many ways to monitor and verify the integrity of GNU system critical files Strictly, this guide only describes the tools called advanced intrusion detection environments.
However, other tools that can be used to monitor and verify file integrity are listed in the "Related Resources" section of this article. Browsing and using these tools is an exercise that readers can practice on their own.
AIDE
The "Advanced Intrusion Detection Environment" (AIDE) is a free software, a popular tripwire for file integrity checking tools. It establishes a database by reading a series of regular expressions in the configuration file, which can be used to validate the integrity of critical system files and some user-defined files when the database is initialized.
AIDE uses many popular information digest algorithms (MD5, SHA1, rmd160, Tiger, Haval, etc.) to check the integrity of the file. Additional algorithms are also easy to add. Consistency of all legacy file System Properties is also checked.
Installing AIDE
Before you install in terminal mode, make sure that your network is well connected, and then enter the following command in the terminal:
sudo apt install aide
Enter your password according to the system prompts, and if Ubuntu is validated, the aide installation package will be downloaded and automatically started. During the installation process, a configuration information window appears, prompting you to send a daily report to the root user by default, but you can modify it by editing the profile/etc/default/aide. Please press ENTER to confirm the message.
The system then asks you if you want to initialize the aide database now. Now, enter Yes and press ENTER. The next dialog box asks if you want to overwrite the existing database. If this is your first time installing aide, select Yes and press ENTER.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.