Table of Contents
- 1. Before install AIDE
- 2. Install AIDE
- 3. Create database
- 4. File integrity check
- 5. Cron job which runs aide
1 Before install AIDE
Install Postfix with this script.
2 Install AIDE
Install aide package.
$ sudo dnf install -y aide
3 Create database
Running “aide –init” creates aide.db.new.gz. And you need to copy it to aide.db.gz.
$ sudo aide –init.$ sudo cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
4 File integrity check
aide –check checks file integrity. aide –update checks file integrity and create new database aide.db.new.gz. This needs to copy to aide.db.gz.
$ sudo aide –check<snip>$ echo $?0
If some file is changed, aide will return non zero value.
$ sudo mv /usr/sbin/ip /usr/sbin/ip.orig$ echo “modified” | sudo tee /usr/sbin/ip$ sudo aide –check<snip>$ echo $?4
5 Cron job which runs aide
You need to create cron job. This article will creates daily cron job which runs “aide –update” and send email.
$ sudo dnf install -y mailx liblockfile$ cat <<EOF | sudo tee /etc/cron.daily/aide#!/bin/shLOCK_FILE=/var/run/aide.lockMAIL_ADDR=root@localhostdotlockfile -p ${LOCK_FILE} || exit 1TMP=$(mktemp -t aide.XXXXXX)trap “rm $TMP* 2>/dev/null” 0aide –update > ${TMP} 2>&1ret=$?if [ ${ret} -eq 0 ]; then # Nothing is changed. cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gzelif [ ${ret} -lt 8 ]; then # Some file is changed. cat ${TMP} | mail -s “AIDE detects changes” ${MAIL_ADDR} cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gzelse # Cannot update database. cat ${TMP} | mail -s “AIDE fatal error” ${MAIL_ADDR}fidotlockfile -u ${LOCK_FILE}EOF$ sudo chmod a+x /etc/cron.daily/aide
