AIDE Setup Notes

Revision as of Monday, 21 December 2015 at 02:30 UTC

Pre-Flight

Notes

Installation

 yum -y install aide
 cp /etc/aide.conf{,.original}

Configuration

The aide.conf file has selinux entries which you might want to
redefine to prevent “lgetfilecon_raw failed” errors. Here are my
definitions:

 ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
 EVERYTHING    = p+i+n+u+g+s+m+c+acl+xattrs+md5+ALLXTRAHASHES
 NORMAL        = p+i+n+u+g+s+m+c+acl+xattrs+md5+rmd160+sha256
 DIR           = p+i+n+u+g+acl+xattrs
 PERMS         = p+i+u+g+acl
 LOG           = p+u+g+i+n+S+acl+xattrs
 LSPP          = p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256
 DATAONLY      = p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger

Read the file, determine what you need, and add/adjust entries
accordingly.

Initialization

 aide --init

This creates /var/lib/aide/aide.db.new.gz. Back up this file to a
safe and secure place off this server!
Now rename the file:

 mv /var/lib/aide/{aide.db.new.gz,aide.db.gz}

Checking

 # On the system
 aide --check
 
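 # Comparing outside the system: aide takes the two databases from the
 # database= and database_new= settings, not from positional arguments
 aide --compare -B 'database=file:/path/to/old.db.gz' -B 'database_new=file:/path/to/new.db.gz'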
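
A wrapper for the on-system check, as an added example that is not part of the original notes: it refuses to run `aide --check` when /var/lib/aide/aide.db.gz no longer matches the SHA-256 digest recorded from the off-server copy, and it puts the exit status into words. `BASELINE_SHA256` and the function names are assumptions; the exit-status meanings follow the aide(1) manual.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Assumption: BASELINE_SHA256 holds the SHA-256 digest recorded from the
# off-server copy of aide.db.gz; the function names are hypothetical.
AIDE_DB=/var/lib/aide/aide.db.gz

# Succeed only if the database file hashes to the recorded digest.
baseline_ok() {
    db=$1
    expected=$2
    [ -r "$db" ] || return 1
    actual=$(sha256sum "$db" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Put an "aide --check" exit status into words. Per aide(1), 0-7 is a
# bitmask (1 = added, 2 = removed, 4 = changed) and 14-19 are errors.
describe_aide_status() {
    code=$1
    if [ "$code" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$code" -gt 7 ]; then echo "error $code"; return 0; fi
    out=""
    if [ $((code & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((code & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((code & 4)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# Run the check only against a database that still matches the baseline.
# Returns 99 (unused by aide) when the database cannot be trusted.
verified_check() {
    if ! baseline_ok "$AIDE_DB" "${BASELINE_SHA256:-}"; then
        echo "$AIDE_DB does not match the off-server baseline" >&2
        return 99
    fi
    status=0
    aide --check || status=$?
    echo "aide --check: $(describe_aide_status "$status")"
    return "$status"
}

# Usage, after sourcing this file as root:
#   BASELINE_SHA256=<digest of the off-server copy> verified_check
```

The recorded digest has to be refreshed whenever the database is legitimately regenerated and renamed into place.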