AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions to determine which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
The default configuration of aide is quite fine, but we are going to tweak it slightly.
Send the report
Reports, which are created once a day, can be sent to a custom address. You need to change the variable MAILTO to whichever address you like. The default is to send them to root on localhost. To change it, open and edit /etc/default/aide.
Configuring aide
Most AIDE configuration is in the file /etc/aide/aide.conf. This file is pretty well documented and the default rules are decent, but we are going to make some slight changes.
AIDE aims at reporting files that changed since the last snapshot (/var/lib/aide/aide.db). A good security measure is to keep that file on a read-only device such as a floppy disk or a CD-ROM. If your machine has such a device, you could use the snapshot from that device. So let's say that you have a copy of aide.db on a CD-ROM. To use that snapshot, you could change:
database=file:/var/lib/aide/aide.db
to
database=file:/media/cdrom/aide.db
instead. That way, if an intruder gets into your machine, he won't be able to modify aide.db.
By default, AIDE checks for changes in the Binaries and Libraries directories. Those changes are matched to the BinLib rule, which basically checks for any change in permissions, ownership, modification, access and creation date, size, md5 and sha1 signature, inode, number of links and block count. Then, it also checks for modifications in the log files against the rule Logs. Because log files tend to grow, you cannot use a signature there, and you also have to ask aide to allow the size to grow (the S attribute) rather than report every size change. Okay, this should be enough to understand how aide works. Reading through /etc/aide/aide.conf is a good place to learn more.
To make aide check /etc/ as well, add the line /etc ConfFiles to /etc/aide/aide.conf; this will check for changes in /etc/.
Updating aide
aide is run on a daily basis through the script /etc/cron.daily/aide. The default settings in /etc/default/aide tell aide to update its database. Using the database_out value in /etc/aide/aide.conf, aide is going to output a new database every time it runs, in /var/lib/aide/aide.db.new if you kept the default settings.
Any time you install new packages, change some configuration settings… it will be worth using an up-to-date database so aide won't report any changes or additions in /etc/mynewsoft, /bin/mynewsoft…
So, when you install new software, make some configuration changes…, run:
# /etc/cron.daily/aide
Then, check in the report that modifications were only brought to the files you intended to modify and that added files only come from packages you have just installed.
Once you are sure that everything is fine, copy the new database to whatever place your database points to (CD-ROM, floppy, somewhere on your filesystem…). This way, you will get lighter reports next time aide runs.
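To make the "check the report" step above less error-prone, here is an added example (not part of the original post) of a small sh helper that reads an AIDE report and prints every added/changed/removed entry whose path is not on an allow-list you build from the files you intended to touch (for example the output of dpkg -L for the package you just installed plus the config files you edited). It assumes the classic report lines "added: /path" and "changed: /path"; the report text below is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: triage an AIDE report after a
# deliberate change, listing only entries not covered by an allow-list.

# Constructed sample report, in the shape AIDE prints its per-file entries.
sample_report() {
cat <<'EOF'
AIDE found differences between database and filesystem!!
Summary:
  Total number of files:    1234
  Added files:              2
  Removed files:            0
  Changed files:            3
added: /usr/bin/mynewsoft
added: /etc/mynewsoft.conf
changed: /etc/mynewsoft.conf
changed: /etc/ssh/sshd_config
changed: /bin/ls
EOF
}

# triage_report ALLOWLIST_FILE < report
# ALLOWLIST_FILE holds one absolute path per line (e.g. from `dpkg -L pkg`
# plus the files you edited). Every report entry whose path is not listed
# there is printed, so an empty result means the report matches your intent.
triage_report() {
    allow="$1"
    grep -E '^(added|changed|removed): ' | while IFS= read -r line; do
        path=${line#*: }                       # strip the "added: " prefix
        if ! grep -qxF -- "$path" "$allow"; then
            printf '%s\n' "$line"
        fi
    done
}

# Usage with the constructed report: only sshd_config and /bin/ls are left
# over, and both deserve a closer look before the new database is accepted.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf '%s\n' /usr/bin/mynewsoft /etc/mynewsoft.conf > "$tmp"
    sample_report | triage_report "$tmp"
    rm -f "$tmp"
fi
```

With a real run, feed it the mailed report instead of sample_report and review whatever remains before copying aide.db.new over the database your database= line points to.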
source:http://linuxpoison.blogspot.com/2008/08/13578175806939.html