AIDE

[Josh Wheeler]

Categories: security

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It keeps a database of file hashes so that file changes can be tracked.

Install aide

Debian

apt-get update
apt-get install aide

Fedora

dnf install aide

Update file hashes

aideinit
Running aide --init...

Start timestamp: 2017-07-06 12:11:55 -0700 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new
Verbose level: 6

Number of entries:	3374662

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new
  RMD160   : Hv0E1g7PUjmbUBCO0hd7iSVwsZQ=
  TIGER    : TNuTqH+79DY7r/4g0sl0+Zfn/jqNKNO7
  SHA256   : j48KZaa858JVjod7m+3+U02AU30YgEPm
             VuW31DiZbcc=
  SHA512   : iJ+2Y5hq7D2R2ghWRQROQItK7TNYHtfd
             yG22IYCWY2sCptR4v1WhxOANSLJ2AmWk
             Y1Vmg7oNDxkpLV2vmSsL8Q==
  CRC32    : +r9Bzw==
  HAVAL    : FBGNlfbF3979zeBIQeMdfDElag5WKGzt
             9aH8CcE7vBM=
  GOST     : +d/QDnsYh7mroygMNir5IS3V+rVgMc+5
             nQlcY/EVJUw=


End timestamp: 2017-07-06 14:32:09 -0700 (run time: 140m 14s)

After the lengthy initialization process has finished and the summary details are displayed, copy the newly initialized database to /var/lib/aide/aide.db:

cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Run a manual check

aide -c /etc/aide/aide.conf --check
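
The manual check above reports its result through its exit status, and the database it compares against sits on the same host it protects. The script below is an added example, not part of the original post: it confirms the database still matches a SHA-256 digest recorded after the copy step, runs the same check, and decodes the status. The function names and the digest file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are the ones used in the
# post; the pinned-digest file is an assumption of this example.
AIDE_CONF=/etc/aide/aide.conf
AIDE_DB=/var/lib/aide/aide.db

# Translate an `aide --check` exit status (DIAGNOSTICS section of aide(1)):
# 1 = new files, 2 = removed files, 4 = changed files (summed); 14-19 = errors.
decode_aide_status() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid status"; return ;;
        0)  echo "no changes"; return ;;
        14) echo "error: writing"; return ;;
        15) echo "error: invalid argument"; return ;;
        16) echo "error: unimplemented function"; return ;;
        17) echo "error: invalid configuration line"; return ;;
        18) echo "error: I/O"; return ;;
        19) echo "error: version mismatch"; return ;;
    esac
    if [ "$1" -gt 7 ]; then echo "unknown status $1"; return; fi
    out=""
    if [ $(( $1 & 1 )) -ne 0 ]; then out="$out new"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then out="$out removed"; fi
    if [ $(( $1 & 4 )) -ne 0 ]; then out="$out changed"; fi
    echo "files:$out"
}

# True only if file $1 hashes to the SHA-256 digest stored in file $2.
# Create $2 with sha256sum right after the cp step and keep it off-host.
db_matches_pin() {
    expected=$(cut -d' ' -f1 "$2" 2>/dev/null) || return 1
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Verify the baseline, run the check from the post, explain the result.
run_check() {
    db_matches_pin "$AIDE_DB" "$1" || { echo "baseline digest mismatch"; return 2; }
    rc=0
    aide -c "$AIDE_CONF" --check || rc=$?
    echo "aide exit $rc: $(decode_aide_status "$rc")"
    [ "$rc" -eq 0 ]
}

# Runs only when invoked as: sh aide-check.sh --run /path/to/aide.db.sha256
if [ "${1:-}" = "--run" ]; then run_check "$2"; fi
```
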