Install Advanced Intrusion Detection Environment (AIDE) On CentOS 7

Install Advanced Intrusion Detection (File Integrity Check)

Install Advanced Intrusion Detection Environment is also known as AIDE. It’s one of the most popular Open Source tools for checking the integrity of files and directory. We can install and configuration the AIDE database in Linux. We can also update the aide database.

Now we will Install Advanced Intrusion Detection from RedHat repository. This monitors the server changes in Linux based system.

The system check is initialized by the database. It works by creating
a database which is a snapshot of the selected path of the file system,
from the regular expression is defined in configuration files.

Check OutUseful Commands Of Firewall

Let’s Begin

Step 1: Install the AIDE on Centos 7

yum install aide -y

Step 2: Check AIDE Version

aide -v

Step 3: Configuration file location /etc/aide.conf

Now you will have to create a database & initialize the database/

aide –init

Check OutRpmdb Open Failed

The database has been initialized in /var/lib/aide

Step 4: Move this database to a new file by re-naming it to make work.

mv aide.db.gz

Step 5: You can check the integrity

aide –check

Check OutCheck Service Is Running Or Not

if you see this Message “All files match AIDE database. Looks okay!”. It means there are no changes in a file from an attacker.

Step 6: If you want to update the database manually, so you can do this with the below command. This will create a new database file. Then repeat step 4.

aide –update

install Advanced Intrusion Detection

Check OutCheck Inode Number Of a File Or Directory

Step 7: Let’s create a file to check its integrity whether it’s working.

touch /usr/sbin/test

install aide

It’s always a good idea to move the newly created database to a new database file by re-naming it.

Step 8: You can also create a script that will report you about these changes. I’m going to use a simple script. You can make your own custom script according to your needs.

Edit the /etc/crontab

Change MAILTO=root to MAILTO=your_email_id It will send an email whenever SSH Passwordless Login Using SSH Keygen the changes will be made.

Check Out: SSH Password-less Login Using SSH Keygen

aide install in linux

Then go to crontab -e

put these lines there, you can change the timing

10 2 * * * root /usr/sbin/aide –check

aide configuration in linux

You’re done aide configuration in linux install update database

Share on:

I'm the founder of Curious Viral. I hope this blog will provide you complete information about Linux Technology & I would like to share my technical knowledge with you which I have learned during this period.

Other Posts You May Like...

Leave a comment