Software integrity on CentOS Linux 5

Submitted by sklav on Mon, 05/19/2008 - 10:59

To install AIDE, use the following command:

# yum install aide

To configure AIDE, customize /etc/aide.conf to meet the requirements of the system. For more detailed information about the AIDE configuration file, refer to the man page of aide.conf.

To generate a new database and install it on the AIDE system:

# aide --init
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

By default, the program will create a new file aide.db.new.gz in the /var/lib/aide/ directory. This must be installed on the system manually by using the copy command. Typically, the system administrator should create an AIDE database on a new system before the system is connected to any network.

To check for inconsistencies between the current system and the AIDE database, run the following command:

# aide --check

or

# aide

If the check produces any unexpected output, investigate and fix it as soon as possible.

If the changes are expected, you can issue the following command to update the AIDE database:

# aide --update

The aide command can also be run as a crontab job to do periodic integrity checking.

*** It is recommended that you keep a pristine copy of the database off the actual workstation / server. ***
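The following wrapper combines the cron job and the pristine-copy recommendation above. It is an added example, not part of the original article: before running the check it confirms that the live database still matches the pristine copy. The script name, the /usr/sbin/aide path and the read-only mount point /mnt/aide-ref are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): cron wrapper for "aide --check".
# Assumed paths: the pristine database copy is mounted read-only at /mnt/aide-ref;
# this script is saved as /usr/local/sbin/aide-cron-check.sh.
# /etc/crontab entry (cron mails anything the job prints to MAILTO):
#   30 4 * * * root /usr/local/sbin/aide-cron-check.sh run

AIDE_BIN="${AIDE_BIN:-/usr/sbin/aide}"
LIVE_DB="${LIVE_DB:-/var/lib/aide/aide.db.gz}"
REFERENCE_DB="${REFERENCE_DB:-/mnt/aide-ref/aide.db.gz}"

# Return codes: 0 clean, 1 aide reported differences or failed,
# 2 live database differs from the pristine copy, 3 pristine copy unavailable.
aide_cron_check() {
    if [ ! -r "$REFERENCE_DB" ]; then
        echo "AIDE: pristine database $REFERENCE_DB is not readable" >&2
        return 3
    fi
    # A check against a modified database proves nothing, so compare first.
    if ! cmp -s "$REFERENCE_DB" "$LIVE_DB"; then
        echo "AIDE: $LIVE_DB does not match pristine copy $REFERENCE_DB" >&2
        return 2
    fi
    aide_status=0
    aide_report=$("$AIDE_BIN" --check 2>&1) || aide_status=$?
    if [ "$aide_status" -ne 0 ]; then
        echo "AIDE: check exited with status $aide_status on $(hostname)" >&2
        echo "$aide_report" >&2
        return 1
    fi
    return 0   # stay silent when clean so cron sends no mail
}

# Only run when invoked with "run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    aide_cron_check
    exit $?
fi
```

Whenever a new database is installed as /var/lib/aide/aide.db.gz, refresh the pristine copy as well, otherwise the comparison fails on every run.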

*** This document was originally posted on Red Hat Magazine, updated with some minor additions that I believe are needed. ***