AIDE Setup Notes
Revision as of Wednesday, 26 June 2024 at 10:57 UTC
tags:
- centos
- redhat
- linux
- guide
Installed AIDE v0.13.1-6.el5_8.2 on CentOS 5.8 x86_64
Notes
Installation
yum -y install aide
cp /etc/aide.conf{,.original}
Configuration
The aide.conf file has selinux entries which you might want to redefine to prevent “lgetfilecon_raw failed” errors. Here are my definitions:
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
EVERYTHING = p+i+n+u+g+s+m+c+acl+xattrs+md5+ALLXTRAHASHES
NORMAL = p+i+n+u+g+s+m+c+acl+xattrs+md5+rmd160+sha256
DIR = p+i+n+u+g+acl+xattrs
PERMS = p+i+u+g+acl
LOG = p+u+g+i+n+S+acl+xattrs
LSPP = p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256
DATAONLY = p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger
Read the file, determine what you need, and add/adjust entries accordingly.
Initialization
aide --init
This creates /var/lib/aide/aide.db.new.gz. Back up this file to a safe and secure place off this server! Now rename the file:
mv /var/lib/aide/{aide.db.new.gz,aide.db.gz}
Checking
# On the system
aide --check
# Comparing outside the system
aide --compare old.db.gz new.db.gz
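
The off-server backup only helps if the on-server database is compared against it before each check, because anyone who can rewrite /var/lib/aide/aide.db.gz can hide changes from aide --check. The wrapper below is an added example, not part of the original notes: it refuses to run the check unless the database's SHA-256 equals a digest recorded right after initialization and kept off the server. The function names and the AIDE_DB variable are hypothetical, and it assumes sha256sum is available on the host.

```shell
#!/bin/sh
# Added example (not from the original notes): gate "aide --check" on the
# integrity of the baseline database itself.
# Assumptions: sha256sum is installed; the recorded digest is supplied by the
# operator from off-server storage; function names are hypothetical.

# Path from the notes above; override for testing.
AIDE_DB=${AIDE_DB:-/var/lib/aide/aide.db.gz}

# Print the SHA-256 digest of a file (hex only, no filename).
# Run this once after "aide --init" and the rename, and store the
# output off the server together with the database backup.
baseline_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 if the database digest equals the recorded digest,
# 1 on mismatch, 2 if the comparison cannot be made at all.
baseline_matches() {
    db=$1
    recorded=$2
    [ -r "$db" ] || { echo "cannot read database: $db" >&2; return 2; }
    [ -n "$recorded" ] || { echo "no recorded digest given" >&2; return 2; }
    actual=$(baseline_digest "$db") || return 2
    if [ "$actual" != "$recorded" ]; then
        echo "baseline digest mismatch for $db" >&2
        echo "  recorded: $recorded" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# Run the check only against a baseline that matches the recorded digest.
# A mismatch means the database was replaced or re-initialized; restore the
# off-server copy before trusting any check result.
checked_aide_run() {
    baseline_matches "$AIDE_DB" "$1" || return $?
    aide --check
}
```

Call checked_aide_run with the recorded digest as its only argument. After an intentional re-initialization, record the new digest and back up the new database again.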