AIDE : Install
2025/12/09

Install and configure Host Based IDS (Intrusion Detection System) [AIDE] (Advanced Intrusion Detection Environment).

[1] Install AIDE.

dlp:~ # zypper -n install aide

[2] Configure AIDE and initialize the database. It's possible to use AIDE with the default config, but if you'd like to customize the settings, edit the configuration file.

# initialize database
dlp:~ # aide --init
Start timestamp: 2025-12-09 13:48:36 +0900 (AIDE 0.18.8)
AIDE successfully initialized database.
New AIDE database written to /var/lib/aide/aide.db.new
Number of entries: 72338
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.new
End timestamp: 2025-12-09 13:48:50 +0900 (run time: 0m 14s)
# copy generated DB to master DB
dlp:~ # cp -p /var/lib/aide/aide.db.new /var/lib/aide/aide.db

[3] Run a check.

# if nothing differs, [Looks okay] is displayed
dlp:~ # aide --check
Start timestamp: 2025-12-09 13:54:00 +0900 (AIDE 0.18.8)
AIDE found NO differences between database and filesystem. Looks okay!!
Number of entries: 72339
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db
End timestamp: 2025-12-09 13:54:28 +0900 (run time: 0m 28s)
# if differences are detected, the output looks like the following
Start timestamp: 2025-12-09 13:58:02 +0900 (AIDE 0.18.8)
AIDE found differences between database and filesystem!!
Summary:
Total number of entries: 72340
Added entries: 1
Removed entries: 0
Changed entries: 1
---------------------------------------------------
Added entries:
---------------------------------------------------
f++++++++++++++: /etc/testfile.txt
---------------------------------------------------
Changed entries:
---------------------------------------------------
d >.... mc.. : /etc
.....
.....

[4] If the detected differences are not a problem, update the database as follows.

dlp:~ # aide --update
Start timestamp: 2025-12-09 14:03:40 +0900 (AIDE 0.18.8)
AIDE found differences between database and filesystem!!
New AIDE database written to /var/lib/aide/aide.db.new
Summary:
Total number of entries: 72340
Added entries: 1
Removed entries: 0
Changed entries: 1
---------------------------------------------------
Added entries:
---------------------------------------------------
f++++++++++++++: /etc/testfile.txt
.....
.....
# update database
dlp:~ # cp -p /var/lib/aide/aide.db.new /var/lib/aide/aide.db
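
Steps [3] and [4] leave the decision "is this difference a problem?" to the operator. The following is an added example, not part of the original page: shell helpers that decode the AIDE exit status and list report entries that are not on an expected-change list. The function names, the expected-path list and the embedded report (constructed from the output shown above) are assumptions for illustration.

```shell
# Map the exit status of `aide --check` / `aide --update` to words.
# Per aide(1): 0 = no differences; otherwise a bitmask of 1 (added),
# 2 (removed), 4 (changed); values of 14 and above report errors.
aide_decode_status() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "error"; return 0; fi
    out=""
    if [ $((rc & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((rc & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# Read a report on stdin and print "<section> <path>" for each listed entry.
# Summary lines such as "Added entries: 1" are not section headers.
aide_entries() {
    awk '
        /^Added entries:$/      { sec = "added";   next }
        /^Removed entries:$/    { sec = "removed"; next }
        /^Changed entries:$/    { sec = "changed"; next }
        /^Detailed information/ { sec = "" }  # per-file details, not entries
        sec != "" { i = index($0, ": /"); if (i) print sec, substr($0, i + 2) }
    '
}

# Print the entries whose path is not among the expected paths given as
# arguments (exact match). Empty output means every change was expected.
aide_unexpected() {
    aide_entries | while read -r sec path; do
        ok=no
        for p in "$@"; do
            if [ "$path" = "$p" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then echo "$sec $path"; fi
    done
}

# Constructed sample, shaped like the report shown on this page.
SAMPLE_REPORT='Summary:
Added entries: 1
Removed entries: 0
Changed entries: 1
---------------------------------------------------
Added entries:
---------------------------------------------------
f++++++++++++++: /etc/testfile.txt
---------------------------------------------------
Changed entries:
---------------------------------------------------
d >.... mc.. : /etc'
```

On a real host, capture the report and `$?` from `aide --check`, and copy `aide.db.new` over `aide.db` only when `aide_unexpected` prints nothing for the changes you planned.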