Einleitung
Aide ist ein Intrusion Detection System welches u.a. Pruefsummen von Datein speichert um Veraenderungen des Systems festzustellen.
Homepage
http://www.cs.tut.fi/~rammer/aide.html
Konfiguration (/etc/aide/aide.conf)
MyRule = p+i+n+u+g+s+b+m+c+md5+sha1 # Next decide what directories/files you want in the database /etc p+i+u+g #check only permissions, inode, user and group for etc /bin MyRule # apply the custom rule to the files in bin /sbin MyRule # apply the same custom rule to the files in sbin /var MyRule !/var/log/.* # ignore the log dir it changes too often !/var/spool/.* # ignore spool dirs as they change too often !/var/adm/utmp$ # ignore the file /var/adm/utmp