AIDE - Advanced Intrusion Detection Environment

AIDE is a file and directory integrity checker and is available in Debian 11 "Bullseye" repository and LMDE5.

AIDE (Advanced Intrusion Detection Environment), shipped as a static binary, is an intrusion detection system that detects changes to files on the local system.

It creates a database from the regular expression rules that it finds in the config file. Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5, sha1, rmd160, tiger, haval, etc.) that are used to check the integrity of the file. More algorithms can be added with relative ease. All of the usual file attributes can also be checked for inconsistencies.

License: GNU/GPLv2

Features:

  • supported message digest algorithms: md5, sha1, rmd160, tiger, crc32, sha256, sha512, whirlpool (additionally with libmhash: gost, haval, crc32b)
  • supported file attributes: File type, Permissions, Inode, Uid, Gid, Link name, Size, Block count, Number of links, Mtime, Ctime and Atime
  • support for Posix ACL, SELinux, XAttrs and Extended file system attributes if support is compiled in
  • plain text configuration files and database for simplicity
  • powerful regular expression support to selectively include or exclude files and directories to be monitored
  • gzip database compression if zlib support is compiled in
  • stand alone static binary for easy client/server monitoring configurations
  • and many more...

The current stable version of AIDE is 0.17.4, but you need to download that release yourself.

If you don't want to, you can install from Debian's repository and get version 0.17.3-4+deb11u1.

How to install via a terminal window from Debian's repository:

sudo apt-get install aide

Press Enter.

Other supported distributions:

  • Debian: sudo apt install aide
  • Ubuntu: sudo apt install aide
  • LMDE5:  sudo apt install aide
  • FreeBSD: pkg install aide
  • Gentoo: emerge aide
  • Homebrew: brew install aide
  • MacPorts: port install aide
  • NixOS: nix-env -iA nixos.aide
  • OpenBSD: pkg_add aide
  • openSUSE: zypper install aide
  • Red Hat | CentOS | Fedora: yum install aide

Run this command:

sudo aide -v

Press Enter.

Result:

user@computer:~$ aide -v
Aide 0.17.3

Compiled with the following options:

WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_CAPABILITIES
WITH_E2FSATTRS
WITH_ZLIB
WITH_MHASH
WITH_AUDIT

Default config values:
config file: <none>
database_in: <none>
database_out: <none>

Available hashsum groups:
md5: yes
sha1: yes
sha256: yes
sha512: yes
rmd160: yes
tiger: yes
crc32: yes
crc32b: yes
haval: yes
whirlpool: yes
gost: yes
stribog256: no
stribog512: no

Default compound groups:
R: l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps
L: l+p+u+g+i+n+acl+selinux+xattrs+ftype+e2fsattrs+caps
>: l+p+u+g+i+n+acl+S+selinux+xattrs+ftype+e2fsattrs+caps
H: md5+sha1+rmd160+tiger+crc32+haval+gost+crc32b+sha256+sha512+whirlpool
X: acl+selinux+xattrs+e2fsattrs+caps

You should open the configuration using your favorite editor:

sudo gedit /etc/aide.conf

Press Enter.

It has directives that define the database location, the report location, the default rules, and the directories/files to be included in the database.

You should research the recommended settings; commonly used rule definitions include:

PERMS = p+u+g+acl+selinux+xattrs

The PERMS rule is used for access control only: it detects changes to files or directories based on their permissions, user, group, ACLs, SELinux context and extended attributes.

To check file content and file type:

CONTENT = sha256+ftype

An extended version of the previous rule that checks content, file type and access attributes:

CONTENT_EX = sha256+ftype+p+u+g+n+acl+selinux+xattrs

The DATAONLY rule below will detect any changes in data inside all files/directories:

DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha256

Now that you have defined rules, you can specify the files and directories to watch. Selection lines are regular expressions matched against the path. The following definition will check permissions for the files in the root user's home directory whose name begins with a dot (paths matching `/root/\..*`):

/root/\..*  PERMS

Check all files in the /root directory for any changes:

/root/   CONTENT_EX

To detect any changes in data inside all files/directories under /etc/:

/etc/   DATAONLY

Use AIDE to Check File and Directory Integrity in Linux:

sudo aide --init

Now rename the database to /var/lib/aide/aide.db.gz before proceeding.

sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

I recommend you move the database to a secure location.

Once the database is created, you can check the integrity of the files and directories:

sudo aide --check

It will compare the snapshot in the database to the files/directories found on your system disk. If it finds changes that you might not expect, it generates a report which you can then review.
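The whole cycle described above (rule definitions, selection lines, `--init`, renaming the database, `--check`) can be rehearsed in a scratch directory before touching /etc/aide.conf. The script below is an added example, not code from linuxexperten.com or the AIDE project. It writes a small aide.conf that reuses the PERMS, CONTENT, CONTENT_EX and DATAONLY rules from the page, points `database_in`/`database_out`/`report_url` at paths constructed under a temporary directory (`$AIDE_DEMO`, assumed), seeds two files, initialises the database, tampers with a file covered by DATAONLY and runs the check again so the report shows the change. The acl, selinux and xattrs groups assume a build like the Debian one shown in the `aide -v` output above; `db_fingerprint` records a SHA-256 of the database so you can verify the copy you keep off the machine has not been altered.

```shell
#!/bin/sh
# Added example (not from the page or the AIDE project): rehearse the
# AIDE init -> rename -> check cycle in a scratch directory.
# Run the full demo with:  sh aide_demo.sh run   (requires aide installed)

AIDE_DEMO="${AIDE_DEMO:-$(mktemp -d)}"   # constructed scratch location

# Write an aide.conf that mirrors the rule names used on the page.
# database_*/report_url paths are constructed for this scratch run; on a
# real system they are set in /etc/aide.conf and point at /var/lib/aide.
# Prints the path of the config file it wrote.
write_aide_conf() {
    dir="$1"
    cat > "$dir/aide.conf" <<EOF
database_in=file:$dir/aide.db
database_out=file:$dir/aide.db.new
report_url=stdout

PERMS = p+u+g+acl+selinux+xattrs
CONTENT = sha256+ftype
CONTENT_EX = sha256+ftype+p+u+g+n+acl+selinux+xattrs
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256

$dir/tree/root/\\..* PERMS
$dir/tree/root/ CONTENT_EX
$dir/tree/etc/ DATAONLY
EOF
    printf '%s\n' "$dir/aide.conf"
}

# SHA-256 of a file (the database, once initialised), printed as hex so it
# can be stored away from the monitored host and compared later.
db_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Seed a tiny file tree, then run the same steps the page performs on a
# real system: --init, rename the new database into place, --check.
aide_demo() {
    dir="$1"
    mkdir -p "$dir/tree/root" "$dir/tree/etc"
    printf 'export PATH=/usr/bin\n' > "$dir/tree/root/.profile"   # constructed
    printf 'nameserver 127.0.0.1\n' > "$dir/tree/etc/resolv.conf"  # constructed
    conf=$(write_aide_conf "$dir")

    aide -c "$conf" --init
    mv "$dir/aide.db.new" "$dir/aide.db"      # same step as the page's sudo mv
    echo "database fingerprint (store off-box): $(db_fingerprint "$dir/aide.db")"

    # Baseline: nothing changed since --init, so --check exits 0.
    if aide -c "$conf" --check; then
        echo "baseline check: no changes"
    fi

    # Tamper with a file under the DATAONLY selection and check again.
    # AIDE exits non-zero and lists the file with its changed sha256/size.
    printf 'nameserver 203.0.113.1\n' > "$dir/tree/etc/resolv.conf"
    aide -c "$conf" --check
    echo "check after tampering exited with status $? (non-zero = changes found)"
}

if [ "${1:-}" = "run" ]; then
    command -v aide >/dev/null 2>&1 || { echo "aide is not installed" >&2; exit 1; }
    aide_demo "$AIDE_DEMO"
fi
```

The second `--check` is the interesting one: AIDE's exit status is non-zero whenever the report contains added, removed or changed entries, which is what you would key an alert on when the check runs from cron. Keeping the fingerprint of aide.db off the host matters because an intruder with root can regenerate the database after tampering; comparing the stored hash against the file before each check catches that.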
