Posted by: jasonk2600 | November 12, 2009

File System Integrity Monitoring with AIDE

Installation

Install AIDE from the FreeBSD ports collection.

# cd /usr/ports/security/aide
# make install clean
# rehash

 

Configuration

Create the initial AIDE file system checksum database.  NOTE: The default configuration should work for most setups, but you may modify the configuration by editing /usr/local/etc/aide.conf.

# cd /var/db/aide
# aide --init
# mv databases/aide.db.new databases/aide.db

 

AIDE will run as a cron job that periodically checks for modified files and sends an alert to the root email address. You can redirect root's mail to a different address by editing /etc/aliases.

 

Usage

To keep the AIDE file integrity database up-to-date, be sure to run the following after updating any applications or configurations:

# aide -u
# cd /var/db/aide/databases
# mv aide.db.new aide.db

You can check the integrity of your files by running AIDE in check mode, which compares the file system against the database:

# aide -C
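
The exit status of the check tells you what kind of difference was found. The following added example (not from the original post) decodes that status as documented in aide(1) and prints a one-line summary above AIDE's report; the function names and the AIDE_BIN override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# AIDE_BIN variable are hypothetical.

# Describe the exit status of `aide -C` as documented in aide(1):
# 0 = no differences, 1..7 = bitmask (1 added, 2 removed, 4 changed),
# 14..19 = error conditions.
aide_status_text() {
    code=$1
    case "$code" in
        ''|*[!0-9]*) echo "unexpected exit status $code"; return 0 ;;
        0)  echo "no changes"; return 0 ;;
        14) echo "error: write error"; return 0 ;;
        15) echo "error: invalid argument"; return 0 ;;
        16) echo "error: unimplemented function"; return 0 ;;
        17) echo "error: invalid configuration line"; return 0 ;;
        18) echo "error: I/O error"; return 0 ;;
        19) echo "error: version mismatch"; return 0 ;;
    esac
    if [ "$code" -gt 7 ]; then
        echo "unexpected exit status $code"
        return 0
    fi
    text=""
    for pair in 1:added 2:removed 4:changed; do
        # Test each bit of the status against the documented mask.
        if [ $(( $code & ${pair%%:*} )) -ne 0 ]; then
            text="${text}${pair#*:} "
        fi
    done
    echo "files ${text% }"
}

# Run the check, print a summary line followed by AIDE's own report, and
# return AIDE's exit status so the caller can act on it.
aide_check_report() {
    rc=0
    report=$("${AIDE_BIN:-aide}" -C 2>&1) || rc=$?
    echo "AIDE on $(uname -n): $(aide_status_text "$rc")"
    echo "$report"
    return "$rc"
}
```

A status of 14 or higher means the check itself failed, so it should be treated as an alert rather than as a clean run.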

 

 [EoF]