Secure Server Builds
Aide
AIDE is not included by default with RHEL; you will need to install it from the install CD:
# rpm -Uvh aide……rpm
Generate a new database:
# /usr/sbin/aide --init
By default, the database will be written to the file /var/lib/aide/aide.db.new.gz. The database, as well as the configuration file /etc/aide.conf and the binary /usr/sbin/aide (or hashes of these files) should be copied and stored in a secure location. Storing these copies or hashes on read-only media may provide further confidence that they will not be altered.
Install the newly-generated database:
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
Run a manual check:
# /usr/sbin/aide --check
If this check produces any unexpected output, investigate.
You should implement daily checking.
Edit /etc/crontab and add the following:
# Aide security checking runs every day at 4:05 AM
05 4 * * * root /usr/sbin/aide --check
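The page recommends keeping copies or hashes of the database, /etc/aide.conf and /usr/sbin/aide in a secure location. As an added example (not part of the original page), this script records SHA-256 hashes of those three files and runs the check only if all of them still match; the script name and the manifest path are assumptions.

```shell
#!/bin/sh
# Added example: pin the files an AIDE result depends on.
# Default paths are the ones named on this page.
AIDE_FILES="/var/lib/aide/aide.db.gz /etc/aide.conf /usr/sbin/aide"

# record_hashes MANIFEST FILE...
# Write SHA-256 hashes of FILEs to MANIFEST; keep MANIFEST off-host or on
# read-only media. Nothing is written if any FILE cannot be read.
record_hashes() {
    manifest=$1
    shift
    if sha256sum "$@" > "$manifest.tmp"; then
        mv "$manifest.tmp" "$manifest"
    else
        rm -f "$manifest.tmp"
        return 1
    fi
}

# verify_hashes MANIFEST
# Return 0 only if every listed file still matches; print mismatches
# (changed, missing or unreadable files) to stderr.
verify_hashes() {
    out=$(sha256sum -c "$1" 2>&1) && status=0 || status=$?
    printf '%s\n' "$out" | grep -v ': OK$' >&2 || true
    return "$status"
}

# Usage (script name and manifest path are assumptions):
#   aide-anchors.sh record /mnt/secure/aide-anchors.sha256
#   aide-anchors.sh check  /mnt/secure/aide-anchors.sha256
case "${1:-}" in
    record) record_hashes "$2" $AIDE_FILES ;;   # unquoted on purpose: one word per path
    check)  # run AIDE only when its database, config and binary are unchanged
            verify_hashes "$2" && /usr/sbin/aide --check ;;
esac
```

Record the manifest again each time a new database is installed, since a legitimate database update changes its hash.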