Difference between revisions of "Aide"

From Bashlinux
Jump to: navigation, search
Line 1: Line 1:
 
__NOTOC__
  
__NOTOC__
= Aide =
 +
=== How to install Aide ===
== How to install Aide ==
  
 
To install AIDE just issue the following command:
  
To install AIDE just issue the following command:
 
<pre><nowiki>
  
 
yum -y install aide
  
yum -y install aide
</nowiki></pre>
  
   
 
It installs aide but creates nothing until it is being instructed to do so.
  
It installs aide but creates nothing until it is being instructed to do so.
   
== How to setup Aide ==
 +
=== How to setup Aide ===
Once aide is installed, the first step is to create a new database of the current system status, ideally this must be done just after OS installation is done. The rpm available on uWink repository has done a configuration file that is located on `/etc/aide.conf`, and and only root can access it.
 +
Once aide is installed, the first step is to create a new database of the current system status, ideally this must be done just after OS installation is done. The rpm available on uWink repository has done a configuration file that is located on <tt>/etc/aide.conf</tt>, and and only root can access it.
# Initialize the database
 +
* Initialize the database
 
<pre><nowiki>
  
 
aide -i
  
aide -i
 
* Set database created as "database" to be compared against
</nowiki></pre>
  
 
# Set database created as "database" to be compared against
  
 
<pre><nowiki>
  
 
mv /etc/aide.db.new /etc/aide.db
  
mv /etc/aide.db.new /etc/aide.db
 
* Change database attributes
</nowiki></pre>
  
 
# Change database attributes
  
 
<pre><nowiki>
  
 
chattr +i /etc/aide.db
  
chattr +i /etc/aide.db
</nowiki></pre>
  
   
 
=== How to run Aide ===
 
== How to run Aide ==
  
 
This an abstract from the man pages.
  
This an abstract from the man pages.
* Checks the database for inconsistencies. You must have an initialized database to do this. This is also the default command. Without any command aide does a check.
 +
* Check the database for inconsistencies. You must have an initialized database to do this. This is also the default command. Without any command aide does a check.
 
<pre><nowiki>
  
 
--check, -C
  
--check, -C
 
* Initialize the database. You must initialize a database and move it to the appropriate place before you can use the <code>--check</code> command.
</nowiki></pre>
  
 
* Initialize the database. You must initialize a database and move it to the appropriate place before you can use the `--check` command.
  
 
<pre><nowiki>
  
 
--init, -i
  
--init, -i
 
* Check the database and updates the database non-interactively. The input and output databases must be different.
</nowiki></pre>
  
 
* Checks the database and updates the database non-interactively. The input and output databases must be different.
  
 
<pre><nowiki>
  
 
--update, -u
  
--update, -u
 
* Compares two databases. They must be defined in configfile with <code>database=<url></code> and <code>database_new=<url></code>
</nowiki></pre>
  
 
 
* Compares two databases. They must be defined in configfile with `database=<url>` and `database_new=<url>`.
  
 
<pre><nowiki>
  
 
--compare
  
--compare
 
* Stops after reading in the configuration file. Any errors will be reported. If aide was compiled with the <code>--with-dbhmackey</code> option, a hash for the config file will be calculated. See the aide manual for more information
</nowiki></pre>
  
 
 
* Stops after reading in the configuration file. Any errors will be reported. If aide was compiled with the `--with-dbhmackey` option, a hash for the config file will be calculated. See the aide manual for more information
  
 
<pre><nowiki>
  
 
--config-check, -D
  
--config-check, -D
</nowiki></pre>
  
 
   
== Links ==
 +
== References ==
* Home page [[http://www.cs.tut.fi/~rammer/aide.html]]
 +
* [http://www.cs.tut.fi/~rammer/aide.html Aide's Home Page]
* Manual [[http://www.cs.tut.fi/~rammer/aide/manual.html]]
 +
* [http://www.cs.tut.fi/~rammer/aide/manual.html Aide's Manual]

Revision as of 04:56, 11 June 2015

How to install Aide

To install AIDE just issue the following command: 

yum -y install aide

It installs aide but creates nothing until it is being instructed to do so.

How to setup Aide

Once aide is installed, the first step is to create a new database of the current system status, ideally this must be done just after OS installation is done. The rpm available on uWink repository has done a configuration file that is located on /etc/aide.conf, and and only root can access it.

  • Initialize the database
aide -i
  • Set database created as "database" to be compared against
mv /etc/aide.db.new /etc/aide.db
  • Change database attributes
chattr +i /etc/aide.db

How to run Aide

This an abstract from the man pages.

  • Check the database for inconsistencies. You must have an initialized database to do this. This is also the default command. Without any command aide does a check.
--check, -C
  • Initialize the database. You must initialize a database and move it to the appropriate place before you can use the --check command.
--init, -i
  • Check the database and updates the database non-interactively. The input and output databases must be different.
--update, -u
  • Compares two databases. They must be defined in configfile with database=<url> and database_new=<url>
--compare
  • Stops after reading in the configuration file. Any errors will be reported. If aide was compiled with the --with-dbhmackey option, a hash for the config file will be calculated. See the aide manual for more information
--config-check, -D

References

Retrieved from "http://wiki.bashlinux.com/index.php?title=Aide&oldid=1020"