Install Advanced Intrusion Detection (File Integrity Check)
AIDE is also known as Advanced Intrusion Detection Environment. It’s one of the most popular Open Source tool for checking the integrity of files and directory. we will Install Advanced Intrusion Detection from redhat repository.This monitors the server changes in Linux based system.
The system check is initialised by database. It works by creating a database which is a snapshot of selected path of file system, from the regular expression in defined in configuration files.
Check Out : Useful Commands Of Firewall
Step 1 : Install the AIDE on Centos 7
yum install aide -y
Step 2 : Check AIDE Version
Step 3 : Configuration file location /etc/aide.conf
Now you will have create a database & initialise the database/
Check Out : Rpmdb Open Failed
Database has been initialised in /var/lib/aide
Step 4: Move this database to a new file by re-naming it to make work.
mv aide.db.new.gz aide.db.gz
Step 5 : You can check integrity
Check Out : Check Service Is Running Or Not
if you see this Message “All files match AIDE database. Looks okay!”. It means there is no changes in a file from attacker.
Step 6 : If you want to update the database by manually, So you can do this with below command. This will create a new database file. Then repeat the step 4.
Check Out : Check Inode Number Of a File Or Directory
Step 7 : Let’s create a file to check it integrity whether it’s working.
It’s always a good idea to move newly created database to a new database file by re-naming it.
Step 8 : You can also create a script which will report you about this changes. I’m going to use the simple script. You can make your own custom script according to your need.
Edit the /etc/crontab
Change MAILTO=root to MAILTO=your_email_id It will send an email whenever SSH Password less login Using SSH Keygen the changes will be made.
Check Out : SSH Password less login Using SSH Keygen
Then go to crontab -e
put these lines there, you can change timing
10 2 * * * root /usr/sbin/aide –check