AIDE Filesystem Integrity Checking Installation and Configuration on Ubuntu Linux

AIDE or Advanced Intrusion Detection Environment, is a file integrity checking tool and can detect unauthorized changes to configuration files . It is quite similar to Tripwire. It  will  take snapshot of filesystem state which includes permissions, modification times and
file hashes , then it can then be used to compare against the current state of the filesystem.

1. Install the package

apt install aide aide-common

2. Initialize AIDE

mv /var/lib/aide/ /var/lib/aide/aide.db

3. Check periodically the filesystem integrity

a. using cron to schedule

crontab -u root -e

add the following:

0 6 * * * /usr/bin/aide.wrapper –config /etc/aide/aide.conf –check

-checks every 6am daily
-uses /usr/bin/aide.wrapper in order to prevent conflicts  and protect the database as well

b. using timer file( aidecheck.timer) and service file (aidecheck.service)

-Verify if it is enabled:

systemctl is-enabled aidecheck.service
systemctl is-enabled aidecheck.timer
systemctl status aidecheck.timer

-Edit/Create /etc/systemd/system/aidecheck.service  and add the following:

Description=Aide Check
ExecStart=/usr/bin/aide.wrapper –config /etc/aide/aide.conf –check

-Edit/Create  /etc/systemd/system/aidecheck.timer and add the following:

Description=Aide check every day at 6AM
OnCalendar=*-*-* 06:00:00

-Run commands below:

chmod 0644 /etc/systemd/system/aidecheck.*
chown root:root /etc/systemd/system/aidecheck.*
systemctl daemon-reload
systemctl enable aidecheck.service
systemctl –now enable aidecheck.timer


About the author

Free Linux

View all posts

Leave a Reply