Ubuntu system uses aide to check file integrity

Of the many methods that can be applied to http://www.aliyun.com/zixun/aggregation/13835.html ">ubuntu security", one is called File Integrity Monitoring (file integrity checking). The purpose of integrity monitoring and verification of critical system binaries and profiles is to ensure that these key files are not made unauthorized changes. Unauthorized changes to system-specific files are one of the manifestations of attack and endangerment activities on the system. File integrity monitoring is a positive way to make you aware of changes in the system's important files in a timely manner. Like most tools, there are many different applications in the GNU community that can be used to monitor and verify the integrity of your Ubuntu system files.

This guide will cover the installation, configuration, and use of some of these tools on the Ubuntu system.

Although there are many ways to monitor and verify the integrity of GNU system critical files Strictly, this guide only describes the tools called advanced intrusion detection environments.

However, other tools that can be used to monitor and verify file integrity are listed in the "Related Resources" section of this article. Browsing and using these tools is an exercise that readers can practice on their own.

AIDE

The "Advanced Intrusion Detection Environment" (AIDE) is a free software, a popular tripwire for file integrity checking tools. It establishes a database by reading a series of regular expressions in the configuration file, which can be used to validate the integrity of critical system files and some user-defined files when the database is initialized.

AIDE uses many popular information digest algorithms (MD5, SHA1, rmd160, Tiger, Haval, etc.) to check the integrity of the file. Additional algorithms are also easy to add. Consistency of all legacy file System Properties is also checked.

Installing AIDE

Before you install in terminal mode, make sure that your network is well connected, and then enter the following command in the terminal:

sudo apt install aide

Enter your password according to the system prompts, and if Ubuntu is validated, the aide installation package will be downloaded and automatically started. During the installation process, a configuration information window appears, prompting you to send a daily report to the root user by default, but you can modify it by editing the profile/etc/default/aide. Please press ENTER to confirm the message.

The system then asks you if you want to initialize the aide database now. Now, enter Yes and press ENTER. The next dialog box asks if you want to overwrite the existing database. If this is your first time installing aide, select Yes and press ENTER.