Install Advanced Intrusion Detection (File Integrity Check)
Advanced Intrusion Detection Environment, also known as AIDE, is one of the most popular open source tools for checking the integrity of files and directories. We can install AIDE and configure its database on Linux. We can also update the AIDE database.
Now we will install AIDE from the RedHat repository. It monitors changes on Linux-based servers.
AIDE works by creating a database, which is a snapshot of the selected file system paths chosen by the regular expressions defined in the configuration file. Later checks compare the file system against this database.
Step 1: Install AIDE on CentOS 7
yum install aide -y
Step 2: Check AIDE Version
Step 3: The configuration file is located at /etc/aide.conf
Now you have to create and initialize the database.
The database has been initialized in /var/lib/aide
Step 4: Move this database to a new file by renaming it, so that AIDE can use it.
mv aide.db.new.gz aide.db.gz
Step 5: You can check the integrity
If you see the message “All files match AIDE database. Looks okay!”, it means no file has been changed by an attacker.
Step 6: If you want to update the database manually, you can do so with the command below. This will create a new database file. Then repeat Step 4.
Step 7: Let’s create a file to check whether the integrity check is working.
It’s always a good idea to move the newly created database to a new database file by re-naming it.
Step 8: You can also create a script that reports these changes to you. I’m going to use a simple script. You can make your own custom script according to your needs.
Edit the /etc/crontab
Change MAILTO=root to MAILTO=your_email_id. It will send an email whenever changes are made.
Then go to crontab -e
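Put this line there; you can change the timing. The root user field is only valid in /etc/crontab, so leave it out in a crontab opened with crontab -e.
10 2 * * * root /usr/sbin/aide --check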
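One possible version of the reporting script mentioned in Step 8, added here as an example and not the author's own script. It wraps aide --check, decodes the exit status as documented in aide(1), and stays silent when nothing changed; the function names and the script path /usr/local/sbin/aide-report.sh are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper around `aide --check`.
# /usr/sbin/aide and /var/lib/aide come from this page; both can be overridden.
AIDE_BIN="${AIDE_BIN:-/usr/sbin/aide}"
DB_DIR="${DB_DIR:-/var/lib/aide}"

# Decode the exit status of `aide --check` as documented in aide(1):
# bit 1 = new files, bit 2 = removed files, bit 4 = changed files.
# Values above 7 are not findings; 14-19 are AIDE's error codes.
describe_status() {
    code=$1
    if [ "$code" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$code" -gt 7 ]; then echo "error($code)"; return 0; fi
    out=""
    if [ $((code & 1)) -ne 0 ]; then out="${out}added,"; fi
    if [ $((code & 2)) -ne 0 ]; then out="${out}removed,"; fi
    if [ $((code & 4)) -ne 0 ]; then out="${out}changed,"; fi
    echo "${out%,}"
}

# Step 4: make the database written by --init or --update the active one.
# Run this by hand after reviewing the report, never from cron.
promote_db() {
    mv "$DB_DIR/aide.db.new.gz" "$DB_DIR/aide.db.gz"
}

# Run the check. Print nothing when clean, so cron (which mails only when a
# job produces output) sends MAILTO a message only when something differs.
run_check() {
    rc=0
    report=$("$AIDE_BIN" --check 2>&1) || rc=$?
    status=$(describe_status "$rc")
    if [ "$status" = "clean" ]; then return 0; fi
    echo "AIDE on $(uname -n): $status (exit $rc)"
    echo "$report"
    return "$rc"
}

# Cron entry point (hypothetical path), as a line in /etc/crontab:
# 10 2 * * * root /usr/local/sbin/aide-report.sh --run
if [ "${1:-}" = "--run" ]; then
    run_check
fi
```

Keeping promote_db out of the cron job matters: if the new database were promoted automatically, an unauthorized change would be absorbed into the baseline and never reported again.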
You’re done: AIDE is installed and configured on Linux, and you know how to update its database.