Difference between revisions of "Aide"
From Bashlinux
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
__NOTOC__ |
__NOTOC__ |
||
− | = Aide = |
+ | === How to install Aide === |
− | == Installation == |
||
To install AIDE just issue the following command: |
To install AIDE just issue the following command: |
||
− | |||
− | <pre><nowiki> |
||
yum -y install aide |
yum -y install aide |
||
− | </nowiki></pre> |
||
It installs aide but creates nothing until it is being instructed to do so. |
It installs aide but creates nothing until it is being instructed to do so. |
||
− | == |
+ | === How to setup Aide === |
− | Once aide is installed, the first step is to create a new database of the current system status, ideally this must be done just after OS installation is done. The rpm available on |
+ | Once aide is installed, the first step is to create a new database of the current system status, ideally this must be done just after OS installation is done. The rpm available on Bashlinux repository has done a configuration file that is located on <tt>/etc/aide.conf</tt>, and and only root can access it. |
− | + | * Initialize the database |
|
− | |||
− | <pre><nowiki> |
||
aide -i |
aide -i |
||
⚫ | |||
− | </nowiki></pre> |
||
− | |||
⚫ | |||
− | |||
− | <pre><nowiki> |
||
mv /etc/aide.db.new /etc/aide.db |
mv /etc/aide.db.new /etc/aide.db |
||
⚫ | |||
− | </nowiki></pre> |
||
− | |||
⚫ | |||
− | |||
− | <pre><nowiki> |
||
chattr +i /etc/aide.db |
chattr +i /etc/aide.db |
||
− | </nowiki></pre> |
||
+ | === How to run Aide === |
||
− | |||
− | == Commands == |
||
This an abstract from the man pages. |
This an abstract from the man pages. |
||
− | * |
+ | * Check the database for inconsistencies. You must have an initialized database to do this. This is also the default command. Without any command aide does a check. |
− | |||
− | <pre><nowiki> |
||
--check, -C |
--check, -C |
||
⚫ | |||
− | </nowiki></pre> |
||
− | |||
⚫ | |||
− | |||
− | <pre><nowiki> |
||
--init, -i |
--init, -i |
||
⚫ | |||
− | </nowiki></pre> |
||
− | |||
⚫ | |||
− | |||
− | <pre><nowiki> |
||
--update, -u |
--update, -u |
||
⚫ | |||
− | </nowiki></pre> |
||
− | |||
− | |||
⚫ | |||
− | |||
− | <pre><nowiki> |
||
--compare |
--compare |
||
⚫ | |||
− | </nowiki></pre> |
||
− | |||
− | |||
⚫ | |||
− | |||
− | <pre><nowiki> |
||
--config-check, -D |
--config-check, -D |
||
− | </nowiki></pre> |
||
− | |||
− | == |
+ | == References == |
− | * |
+ | * [http://www.cs.tut.fi/~rammer/aide.html Aide's Home Page] |
− | * |
+ | * [http://www.cs.tut.fi/~rammer/aide/manual.html Aide's Manual] |
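Review bot: The added paragraph under "How to setup Aide" contains a duplicated word in "and and only root can access it", and "has done a configuration file that is located on" is hard to parse. Suggest "provides a configuration file located at /etc/aide.conf, and only root can access it". The setup steps also end with chattr +i /etc/aide.db, while --update is described further down as writing to a different output database. It would help to say that the immutable flag has to be cleared before a newer database can be moved over /etc/aide.db.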
Latest revision as of 04:54, 16 June 2015
How to install Aide
To install AIDE just issue the following command:
yum -y install aide
It installs aide but creates nothing until it is instructed to do so.
How to setup Aide
Once aide is installed, the first step is to create a new database of the current system status; ideally this is done just after OS installation. The rpm available in the Bashlinux repository provides a configuration file located at /etc/aide.conf, and only root can access it.
- Initialize the database
aide -i
- Set database created as "database" to be compared against
mv /etc/aide.db.new /etc/aide.db
- Change database attributes
chattr +i /etc/aide.db
How to run Aide
This is an abstract from the man pages.
- Check the database for inconsistencies. You must have an initialized database to do this. This is also the default command. Without any command aide does a check.
--check, -C
- Initialize the database. You must initialize a database and move it to the appropriate place before you can use the --check command.
--init, -i
- Checks the database and updates the database non-interactively. The input and output databases must be different.
--update, -u
- Compares two databases. They must be defined in configfile with database=<url> and database_new=<url>
--compare
- Stops after reading in the configuration file. Any errors will be reported. If aide was compiled with the --with-dbhmackey option, a hash for the config file will be calculated. See the aide manual for more information.
--config-check, -D
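The following is an added example, not part of the original wiki page: a wrapper for a scheduled aide --check that turns the exit status into a readable verdict. The status meanings are taken from the aide(1) man page (0 is clean; 1, 2 and 4 are bit flags for added, removed and changed files; 14 to 19 are errors). The function name decode_aide_status and the "run" argument are hypothetical.

```sh
#!/bin/sh
# Added example: interpret the exit status of "aide --check".
# Status meanings follow aide(1); decode_aide_status is a hypothetical helper.

# Print a verdict for an exit status of aide --check, --update or --compare.
# Returns 0 when clean, 1 when differences were found, 2 on any error.
decode_aide_status() {
    status=$1
    case "$status" in
        ''|*[!0-9]*) echo "invalid status"; return 2 ;;
    esac
    if [ "$status" -eq 0 ]; then
        echo "clean"
        return 0
    fi
    if [ "$status" -ge 1 ] && [ "$status" -le 7 ]; then
        # 1, 2 and 4 are OR-ed together, so 5 means added + changed.
        findings=""
        [ $((status & 1)) -ne 0 ] && findings="$findings added"
        [ $((status & 2)) -ne 0 ] && findings="$findings removed"
        [ $((status & 4)) -ne 0 ] && findings="$findings changed"
        echo "differences:$findings"
        return 1
    fi
    if [ "$status" -ge 14 ] && [ "$status" -le 19 ]; then
        # Write, argument, config, I/O or version errors: the check did not
        # complete, so this must not be read as "nothing changed".
        echo "aide error"
        return 2
    fi
    echo "unknown status"
    return 2
}

# Run the real check only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then
    rc=0
    aide --check || rc=$?
    decode_aide_status "$rc"
fi
```

Called with "run" from cron, the script exits non-zero both when files differ and when aide itself failed, so a broken configuration or missing database is not mistaken for a clean result.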