Check file integrity using AIDE

Install Advanced Intrusion Detection (File Integrity Check)

AIDE stands for Advanced Intrusion Detection Environment. It is one of the most popular open-source tools for checking the integrity of files and directories. We will install it from the Red Hat repository. It monitors changes on the server on Linux-based systems.

The integrity check is based on a database. AIDE creates a database that is a snapshot of the selected file system paths, chosen by the regular expressions defined in the configuration file.

Let’s Begin

Step 1 : Install AIDE on CentOS 7

yum install aide -y

Step 2 : Check AIDE Version

aide -v

Step 3 : Configuration file location /etc/aide.conf

Now you have to create and initialise the database.

aide --init

Database has been initialised in /var/lib/aide

Step 4 : Move this database to a new file by renaming it, so that AIDE can use it.

mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Step 5 : You can check integrity

aide --check

If you see the message “All files match AIDE database. Looks okay!”, it means no files have been changed by an attacker.

Step 6 : If you want to update the database manually, you can do so with the command below. This will create a new database file. Then repeat Step 4.

aide --update

Step 7 : Let’s create a file to check whether the integrity check is working.

touch /usr/sbin/test

It’s always a good idea to move the newly created database to a new database file by renaming it.

Step 8 : You can also create a script that reports these changes to you. I’m going to use a simple script. You can make your own custom script according to your needs.

Edit the /etc/crontab

Change MAILTO=root to MAILTO=your_email_id. It will send an email whenever changes are made.

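Then run crontab -e

Put this line there; you can change the timing. The root user field is the /etc/crontab format; a crontab opened with crontab -e has no user field, so leave root out there.

10 2 * * * root /usr/sbin/aide --check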
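
A wrapper for the cron job in Step 8, added here as an example and not part of the original post: it decodes the exit status of aide --check, which the aide man page documents as a bitmask, and prints the report only when something differs, so cron sends mail only on findings or errors. The function names, the AIDE_BIN variable and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: cron wrapper that interprets the exit status of `aide --check`.
# Per aide(1), --check exits with a bitmask: 1 = added, 2 = removed,
# 4 = changed files; 14-19 are AIDE's own error codes.

AIDE_BIN="${AIDE_BIN:-/usr/sbin/aide}"   # same path as the cron line above

# Turn an exit status into a one-line verdict.
aide_status_summary() {
    code="$1"
    case "$code" in
        ''|*[!0-9]*) echo "ERROR: non-numeric exit status"; return 0 ;;
        0) echo "OK: all files match the AIDE database"; return 0 ;;
        1[4-9]) echo "ERROR: aide failed (exit $code), check did not complete"
                return 0 ;;
    esac
    if [ "$code" -gt 7 ]; then
        echo "ERROR: unexpected exit status $code"; return 0
    fi
    findings=""
    [ $((code & 1)) -ne 0 ] && findings="$findings added"
    [ $((code & 2)) -ne 0 ] && findings="$findings removed"
    [ $((code & 4)) -ne 0 ] && findings="$findings changed"
    echo "ALERT: files$findings"
}

# Run the check. Print nothing when clean, so cron (MAILTO) only sends mail
# when files differ or AIDE itself failed.
run_check() {
    status=0
    report=$("$AIDE_BIN" --check 2>&1) || status=$?
    if [ "$status" -ne 0 ]; then
        printf '%s\n\n%s\n' "$(aide_status_summary "$status")" "$report"
    fi
    return "$status"
}

# Execute only when called with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_check
fi
```

After Step 7 creates /usr/sbin/test, a run of this wrapper reports "ALERT: files added" followed by AIDE's own report.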

You’re done
