Aide

From Bashlinux
Revision as of 06:06, 5 February 2010 by Manpaz (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Aide

Installation

To install AIDE just issue the following command: 

 yum -y install aide

It installs aide but creates nothing until it is being instructed to do so.

Setup

Once aide is installed, the first step is to create a new database of the current system status, ideally this must be done just after OS installation is done. The rpm available on uWink repository has done a configuration file that is located on `/etc/aide.conf`, and and only root can access it.

  1. Initialize the database
 aide -i
  1. Set database created as "database" to be compared against
 mv /etc/aide.db.new /etc/aide.db
  1. Change database attributes
 chattr +i /etc/aide.db


Commands

This an abstract from the man pages.

  • Checks the database for inconsistencies. You must have an initialized database to do this. This is also the default command. Without any command aide does a check.
 --check, -C
  • Initialize the database. You must initialize a database and move it to the appropriate place before you can use the `--check` command.
 --init, -i
  • Checks the database and updates the database non-interactively. The input and output databases must be different.
 --update, -u


  • Compares two databases. They must be defined in configfile with `database=<url>` and `database_new=<url>`.
 --compare


  • Stops after reading in the configuration file. Any errors will be reported. If aide was compiled with the `--with-dbhmackey` option, a hash for the config file will be calculated. See the aide manual for more information
 --config-check, -D


Links

Retrieved from "http://wiki.bashlinux.com/index.php?title=Aide&oldid=81"