Site icon Free Linux Tutorials

AIDE Filesystem Integrity Checking Installation and Configuration on Ubuntu Linux

AIDE or Advanced Intrusion Detection Environment, is a file integrity checking tool and can detect unauthorized changes to configuration files . It is quite similar to Tripwire. It  will  take snapshot of filesystem state which includes permissions, modification times and
file hashes , then it can then be used to compare against the current state of the filesystem.

1. Install the package

apt install aide aide-common

2. Initialize AIDE

aideinit
mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db


3. Check periodically the filesystem integrity

a. using cron to schedule

crontab -u root -e

add the following:

0 6 * * * /usr/bin/aide.wrapper –config /etc/aide/aide.conf –check

where:
-checks every 6am daily
-uses /usr/bin/aide.wrapper in order to prevent conflicts  and protect the database as well

b. using timer file( aidecheck.timer) and service file (aidecheck.service)

-Verify if it is enabled:

systemctl is-enabled aidecheck.service
systemctl is-enabled aidecheck.timer
systemctl status aidecheck.timer

-Edit/Create /etc/systemd/system/aidecheck.service  and add the following:

[Unit]
Description=Aide Check
[Service]
Type=simple
ExecStart=/usr/bin/aide.wrapper –config /etc/aide/aide.conf –check
[Install]
WantedBy=multi-user.target

-Edit/Create  /etc/systemd/system/aidecheck.timer and add the following:

[Unit]
Description=Aide check every day at 6AM
[Timer]
OnCalendar=*-*-* 06:00:00
Unit=aidecheck.service
[Install]
WantedBy=multi-user.target

-Run commands below:

chmod 0644 /etc/systemd/system/aidecheck.*
chown root:root /etc/systemd/system/aidecheck.*
systemctl daemon-reload
systemctl enable aidecheck.service
systemctl –now enable aidecheck.timer

Exit mobile version