Checking Integrity With *AIDE*
Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions.
Installing *AIDE*
To install the _aide_ package:
$ sudo dnf install aide
To generate an initial database:
$ sudo aide --init
Start timestamp: 2018-07-11 12:35:47 +0200 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz
Number of entries: 150666
MD5 : 0isjEPsCORFk7laoGGz8tQ==
SHA1 : j0aPLakWChM+TAuxfVIpy9nqBOE=
RMD160 : nYyyx0AGZj4e5rwcz77afasXFrw=
TIGER : IBVo5A2A4En1kM6zDjD/MnlkN4QWeSOw
SHA256 : YveypaI9c5PJNvPSZf8YFfjCMWfGUA8q
SHA512 : TiUYmHYflS3A+j17qw5mW78Fn2yXLpCF
Performing Integrity Checks
To initiate a manual check:
Total number of entries: 150667
Added entries: 1
Removed entries: 0
Changed entries: 2
05 4 * * * root /usr/sbin/aide --check
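A scheduled check is only useful if its result reaches someone. The following is an added example, not part of the original documentation: it parses the summary counters shown above and decodes the bit-coded exit status that aide(1) documents for `--check`. The function names, the `aide-check` log tag and the use of logger(1) are assumptions.

```shell
#!/bin/sh
# Added example: turn `aide --check` results into one log line for alerting.

# Constructed sample: the summary lines shown on this page.
sample_report() {
    printf '%s\n' \
        'Total number of entries: 150667' \
        'Added entries: 1' \
        'Removed entries: 0' \
        'Changed entries: 2'
}

# Read a report on stdin and print "added=N removed=N changed=N".
# A counter that is absent from the report prints as 0.
aide_counts() {
    awk -F':[ \t]*' '
        /Added entries/   { a = $2 + 0 }
        /Removed entries/ { r = $2 + 0 }
        /Changed entries/ { c = $2 + 0 }
        END { printf "added=%d removed=%d changed=%d\n", a, r, c }'
}

# Decode the exit status of `aide --check`, which aide(1) documents as a
# bit mask: 1 = added, 2 = removed, 4 = changed. aide(1) lists 14 to 19 as
# errors; anything above 7 is treated as an error here.
aide_status() {
    s=$1
    if [ "$s" -eq 0 ]; then echo clean; return 0; fi
    if [ "$s" -gt 7 ]; then echo "error:$s"; return 0; fi
    out=
    if [ $(($s & 1)) -ne 0 ]; then out="$out,added"; fi
    if [ $(($s & 2)) -ne 0 ]; then out="$out,removed"; fi
    if [ $(($s & 4)) -ne 0 ]; then out="$out,changed"; fi
    echo "${out#,}"
}

# Hypothetical wrapper for the cron job: run the check, log one line via
# logger(1), and return the original exit status to the caller.
aide_check_and_log() {
    status=0
    report=$(/usr/sbin/aide --check 2>&1) || status=$?
    counts=$(printf '%s\n' "$report" | aide_counts)
    logger -t aide-check "status=$(aide_status "$status") $counts"
    return "$status"
}
```

For the sample counters on this page (one added, two changed entries) the corresponding exit status is 5, which decodes to `added,changed`.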
Updating an *AIDE* Database
After verifying the changes to your system, such as package updates or configuration file adjustments, update your baseline *AIDE* database:
For additional information on *AIDE*, see the following documentation:
The attributes of the (uncompressed) database(s):
End timestamp: 2018-07-11 12:37:35 +0200 (run time: 1m 48s)
In the default configuration, the *aide --init* command checks just a set of directories and files defined in the `/etc/aide.conf` file. To include additional directories or files in the AIDE database, and to change their watched parameters, edit `/etc/aide.conf` accordingly.
To start using the database, remove the `.new` substring from the initial database file name: