Checking Integrity With *AIDE*
Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions.
Installing *AIDE*
To install the _aide_ package:
$ sudo dnf install aide
To generate an initial database:
$ sudo aide --init
Start timestamp: 2018-07-11 12:35:47 +0200 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz
Number of entries: 150666
The attributes of the (uncompressed) database(s):
MD5 : 0isjEPsCORFk7laoGGz8tQ==
SHA1 : j0aPLakWChM+TAuxfVIpy9nqBOE=
RMD160 : nYyyx0AGZj4e5rwcz77afasXFrw=
TIGER : IBVo5A2A4En1kM6zDjD/MnlkN4QWeSOw
SHA256 : YveypaI9c5PJNvPSZf8YFfjCMWfGUA8q
SHA512 : TiUYmHYflS3A+j17qw5mW78Fn2yXLpCF
End timestamp: 2018-07-11 12:37:35 +0200 (run time: 1m 48s)
In the default configuration, the *aide --init* command checks just a set of directories and files defined in the `/etc/aide.conf` file. To include additional directories or files in the AIDE database, and to change their watched parameters, edit `/etc/aide.conf` accordingly.
To start using the database, remove the `.new` substring from the initial database file name:
$ sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
To change the location of the *AIDE* database, edit the `/etc/aide.conf` file and modify the `DBDIR` value. For additional security, store the database, configuration, and the `/usr/sbin/aide` binary file in a secure location such as read-only media.
To avoid SELinux denials after changing the AIDE database location, update your SELinux policy accordingly. See the link:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/[SELinux User's and Administrator's Guide] for more information.
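The `mv` command above hard-codes `/var/lib/aide`, which stops being correct once `DBDIR` is changed. The following shell helpers are an added example, not part of the original page or the AIDE project: they read the database paths from the configuration and then perform the rename. They assume the AIDE 0.16 directive names `@@define DBDIR`, `database=` and `database_out=`; the function names and the `/srv/aide` path are hypothetical.

```shell
#!/bin/sh
# Added example; function names and the /srv/aide path are hypothetical.
# Assumes the AIDE 0.16 directives: @@define DBDIR, database=, database_out=.

# Constructed sample: aide.conf excerpt with DBDIR moved off the default.
sample_conf() {
    cat <<'EOF'
@@define DBDIR /srv/aide
# database read by --check, database written by --init
database=file:@@{DBDIR}/aide.db.gz
database_out=file:@@{DBDIR}/aide.db.new.gz
EOF
}

# Print the value of an "@@define NAME value" line. $1 = config, $2 = name
aide_define() {
    awk -v name="$2" '$1 == "@@define" && $2 == name { print $3; exit }' "$1"
}

# Print the file path of a "key=file:..." directive with @@{DBDIR} expanded.
# $1 = config, $2 = directive (database or database_out)
aide_db_path() {
    dbdir=$(aide_define "$1" DBDIR)
    awk -v key="$2" -v dbdir="$dbdir" '
        /^[ \t]*#/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            if (index(line, key "=file:") == 1) {
                path = substr(line, length(key) + 7)
                gsub(/@@[{]DBDIR[}]/, dbdir, path)
                print path
                exit
            }
        }' "$1"
}

# Move the database written by --init to the name that --check reads.
aide_promote() {
    new=$(aide_db_path "$1" database_out)
    cur=$(aide_db_path "$1" database)
    [ -n "$new" ] && [ -n "$cur" ] || { echo "no database paths in $1" >&2; return 2; }
    [ -s "$new" ] || { echo "no new database at $new; run aide --init" >&2; return 1; }
    mv -- "$new" "$cur"
}

# Usage: sh this-script /etc/aide.conf
if [ "$#" -eq 1 ]; then aide_promote "$1"; fi
```

`aide_promote` returns 1 when no new database exists yet and 2 when the configuration names no database paths, so a wrapper can tell a missing `--init` run from a broken configuration.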
Performing Integrity Checks
To initiate a manual check:
$ sudo aide --check
Start timestamp: 2018-07-11 12:41:20 +0200 (AIDE 0.16)
AIDE found differences between database and filesystem!!
Total number of entries: 150667
Added entries: 1
Removed entries: 0
Changed entries: 2