Skip to Content
Fedora Linux
book

Fedora Linux

by Chris Tyler
October 2006
Beginner
658 pages
17h 17m
English
O'Reilly Media, Inc.
Content preview from Fedora Linux

Detecting File Changes with AIDE

The Advanced Intrusion Detection Environment (AIDE) is a program that takes a “fingerprint” of system files so that changes in those files can be detected. You can use it to detect a system intrusion, accidental file overwrites, and file corruption.

How Do I Do That?

To initialize the AIDE fingerprint database, execute it with the --init option:

# aide --init

AIDE, version 0.11

### AIDE database at /var/lib/aide/aide.db.new.gz initialized.

It will take several minutes to run. When it is finished, a fingerprint database will be saved as /var/lib/aide/aide.db.new.gz. Rename it to /var/lib/aide/aide.db.gz to make it the active AIDE database:

# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Once the fingerprint database is configured, you can check for file changes using the --check argument:

# aide --check AIDE found differences between database and filesystem!! Start timestamp: 2006-06-01 12:50:01 Summary: Total number of files: 127172 Added files: 2 Removed files: 0 Changed files: 4 --------------------------------------------------- Added files: --------------------------------------------------- added:/root/.xauth0VekVw added:/root/.xauthcvqPrt --------------------------------------------------- Changed files: --------------------------------------------------- changed:/root changed:/root/.lesshst changed:/bin changed:/bin/date -------------------------------------------------- Detailed information about changes: --------------------------------------------------- ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

CentOS Quick Start Guide

CentOS Quick Start Guide

Shiwang Kalkhanda
Mastering FreeBSD and OpenBSD Security

Mastering FreeBSD and OpenBSD Security

Paco Hope, Bruce Potter, Yanek Korff
Linux Server Hacks

Linux Server Hacks

Rob Flickenger

Publisher Resources

ISBN: 0596526822Errata Page