What does AIDE mean
AIDE is one of the most popular tools for monitoring file changes on a Linux-based server. The name stands for Advanced Intrusion Detection Environment.
Install AIDE on CentOS
$ sudo yum install aide
Check the AIDE version on your system
$ sudo aide -v
Configure AIDE
$ sudo cp /etc/aide.conf /etc/aide.conf_BK
Add the following lines to the aide.conf file so that /tmp and /proc are not checked
!/tmp
!/proc
Create the database
$ sudo aide --init
$ sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
$ sudo ls -l /var/lib/aide
Run the AIDE check
$ sudo aide --check
Set up a cron job to run the AIDE check
$ sudo vi /etc/cron.daily/aide
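The content is as below:
#!/bin/bash
# Daily AIDE run: update the database, then mail the result to root.
MAILTO=root
LOGFILE=/var/log/aide/aide.log
AIDEDIR=/var/lib/aide
# Compare the filesystem with the database and write a new database.
/usr/sbin/aide -u > "$LOGFILE"
# Make the new database the baseline for the next run.
cp "$AIDEDIR/aide.db.new.gz" "$AIDEDIR/aide.db.gz"
# AIDE prints "Looks okay" when nothing has changed.
x=$(grep -c "Looks okay" "$LOGFILE")
if [ "$x" -eq 1 ]
then
    echo "All Systems Look OK" | /bin/mail -s "AIDE OK" "$MAILTO"
else
    echo "$(egrep "added|changed|removed" "$LOGFILE")" | /bin/mail -s "AIDE DETECTED CHANGES" "$MAILTO"
fi
exit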
Make the AIDE cron script executable
$ sudo chmod 755 /etc/cron.daily/aide
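The cron script above copies aide.db.new.gz over the baseline on every run, so a change is mailed once and is then part of the baseline. The following added example (not part of the original post) counts the reported changes and promotes the new database only after a clean run. The function names, the sample log lines and the temporary directory are constructed for illustration, and the log is assumed to use the "added: <path>" style of lines that the egrep in this post matches.

```bash
#!/bin/bash
# Added example, not from the original post: summarise an AIDE log and
# replace the baseline database only when the run reported no changes.

# Count lines such as "changed: /etc/passwd" for one keyword.
# Assumption: the log uses "added: / changed: / removed: <path>" lines.
count_kind() {  # $1 = keyword, $2 = log file
    grep -c "^$1: " "$2" || true   # grep exits 1 on zero matches
}

# Print "OK" or "CHANGES added=N changed=N removed=N" for a log file.
# A log without "Looks okay" is never treated as clean, so a failed or
# truncated run is reported instead of silently accepted.
aide_status() {  # $1 = log file
    n_added=$(count_kind added "$1")
    n_changed=$(count_kind changed "$1")
    n_removed=$(count_kind removed "$1")
    if grep -q "Looks okay" "$1" &&
       [ $((n_added + n_changed + n_removed)) -eq 0 ]; then
        echo "OK"
    else
        echo "CHANGES added=$n_added changed=$n_changed removed=$n_removed"
    fi
}

# Copy aide.db.new.gz over aide.db.gz only after a clean run, so an
# unreviewed change keeps being reported by the next check.
promote_if_clean() {  # $1 = log file, $2 = database directory
    [ "$(aide_status "$1")" = "OK" ] || return 1
    cp "$2/aide.db.new.gz" "$2/aide.db.gz"
}

# Constructed sample logs and stand-in database files for the demo.
demo_dir=$(mktemp -d)
printf 'All files match AIDE database. Looks okay!\n' > "$demo_dir/clean.log"
printf '%s\n' 'added: /etc/cron.d/newjob' 'changed: /etc/passwd' \
    'changed: /usr/bin/ssh' > "$demo_dir/dirty.log"
echo baseline > "$demo_dir/aide.db.gz"
echo candidate > "$demo_dir/aide.db.new.gz"

aide_status "$demo_dir/clean.log"
aide_status "$demo_dir/dirty.log"
```

In the cron script, the unconditional cp line could be replaced by a call to promote_if_clean with $LOGFILE and $AIDEDIR; after reviewing a reported change, the baseline is then accepted by hand with the same mv command used when the database was first created.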
For example, check the log for changes
$ sudo egrep "added|changed|removed" /var/log/aide/aide.log
You have installed AIDE on your system. Have a nice day!
Thanks for reading "How to install AIDE on CentOS". I hope this is useful.