Aide

From Linuxmemo.

aide - Advanced Intrusion Detection Environment

Config

  • target directories (to be verified)

AIDE supports three types of selection lines:

      Regular selection line:
         <regex> <group>
         Files and directories matching the regular expression are added to the database.
      Negative selection line:
         !<regex>
         Files  and directories matching the regular expression are ignored and not added
         to the database.
      Equals selection line:
         =<regex> <group>
         Files and directories matching the regular expression are added to the database.
         The children of directories are only added if the regular expression ends with a
         "/". The children of sub-directories are not added at all.
  • examples:
/ R        - This adds all files on your machine to the database. This one line is a fully qualified configuration file.
!/dev      - This ignores the /dev directory structure.
=/foo R    - Only /foo and /foobar are taken into the database. None of their children are added.
=/foo/ R   - Only /foo and its children (e.g. /foo/file and /foo/directory) are taken into the database. The children of sub-directories (e.g. /foo/directory/bar) are not added.
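To make the three selection-line types concrete, here is an added Python model of the documented semantics run against a constructed miniature filesystem; it is not code from this page or from the AIDE project. It assumes regexes are anchored at the start of the path, that negative lines take precedence, and that directories no line matches are still walked so deeper lines can apply.

```python
import re
# Constructed miniature filesystem: path -> True if it is a directory.
FS = {"/": True, "/dev": True, "/dev/null": False, "/etc": True, "/etc/passwd": False,
      "/foo": True, "/foo/file": False, "/foo/directory": True,
      "/foo/directory/bar": False, "/foobar": True, "/foobar/x": False}

def parse_rules(conf: str) -> list[tuple[str, str]]:
    """(kind, regex) per line: '!' negative, '=' equals, 'R' regular; the group is dropped."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            kind = line[0] if line[0] in "!=" else "R"
            rules.append((kind, line.lstrip("!=").split()[0]))
    return rules

def children(path: str) -> list[str]:
    prefix = path.rstrip("/") + "/"
    return sorted(p for p in FS if p != path and p.startswith(prefix) and "/" not in p[len(prefix):])

def ignored(rules, path: str) -> bool:
    # Assumed: AIDE anchors each regex at the start of the path, hence re.match.
    return any(re.match(rx, path) for k, rx in rules if k == "!")

def equals_rule(rules, path: str):
    """First '=' regex selecting path; '=/foo/' also selects /foo itself."""
    for k, rx in rules:
        if k == "=" and (re.match(rx, path) or
                         (rx.endswith("/") and re.fullmatch(rx[:-1], path))):
            return rx
    return None

def select(rules, path: str = "/", out=None) -> list[str]:
    """Walk FS from path and return what the selection lines put in the database."""
    out = [] if out is None else out
    if ignored(rules, path):            # negative line: skip node and subtree
        return out
    rx = equals_rule(rules, path)
    if rx is not None:
        out.append(path)
        if FS[path] and rx.endswith("/"):  # "=.../": direct children, nothing deeper
            out.extend(c for c in children(path) if not ignored(rules, c))
        return out
    if any(re.match(r, path) for k, r in rules if k == "R"):
        out.append(path)
    if FS[path]:  # simplification: unmatched directories are still walked
        for c in children(path):
            select(rules, c, out)
    return out
```

Running `select(parse_rules("=/foo R"))` and `select(parse_rules("=/foo/ R"))` reproduces the two equals-line cases above; `select(parse_rules("/ R\n!/dev"))` lists everything except the /dev subtree.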

Usage

  1. initialise the reference database
aide -c /etc/aide/aide.conf -i

then copy the database for comparison

cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
  2. check for changes
aide -c /etc/aide/aide.conf -C
  3. accept the changes (if they are correct)
aide -c /etc/aide/aide.conf -u && cp -f /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Cron

/usr/share/aide/config/cron.daily/aide