AIDE Setup Notes

tags:

• centos
• redhat
• linux
• guide

Installed AIDE v0.13.1-6.el5_8.2
on CentOS 5.8 x86_64

Notes

Installation

yum -y install aide  
cp /etc/aide.conf{,.original}

Configuration

The aide.conf file has selinux entries which you might want to
redefine
to prevent “lgetfilecon_raw failed” errors. Here are my definitions:

ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger  
EVERYTHING    = p+i+n+u+g+s+m+c+acl+xattrs+md5+ALLXTRAHASHES  
NORMAL        = p+i+n+u+g+s+m+c+acl+xattrs+md5+rmd160+sha256  
DIR           = p+i+n+u+g+acl+xattrs  
PERMS         = p+i+u+g+acl  
LOG           = p+u+g+i+n+S+acl+xattrs  
LSPP          = p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256  
DATAONLY      = p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger

Read the file, determine what you need, and add/adjust entries
accordingly.

Initialization

aide --init

This creates /var/lib/aide/aide.db.new.gz. Back up this file to a
safe and secure place off this server! Now rename the file:

mv /var/lib/aide/{aide.db.new.gz,aide.db.gz}

Checking

# On the system  
aide --check  
  
# Comparing outside the system  
aide --compare old.db.gz new.db.gz