Aide


Introduction

Aide is an intrusion detection system that, among other things, stores checksums of files in order to detect changes to the system.

Homepage

http://www.cs.tut.fi/~rammer/aide.html

Configuration (/etc/aide/aide.conf)

 
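# Custom rule: permissions, inode, link count, user, group, size,
# block count, mtime, ctime, plus md5 and sha1 checksums
MyRule = p+i+n+u+g+s+b+m+c+md5+sha1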

# Next decide what directories/files you want in the database

/etc p+i+u+g     #check only permissions, inode, user and group for etc
/bin MyRule      # apply the custom rule to the files in bin 
/sbin MyRule     # apply the same custom rule to the files in sbin 
/var MyRule      # apply the same custom rule to /var, minus the exclusions below
!/var/log/.*     # ignore the log dir it changes too often
!/var/spool/.*   # ignore spool dirs as they change too often
!/var/adm/utmp$  # ignore the file /var/adm/utmp
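
AIDE treats each selection line as a regular expression anchored at the start of the path, and `!` lines exclude whatever they match. The following Python sketch is an added example, not part of the original page and not AIDE's own code: it models that matching in simplified form (the function names are hypothetical) to show which attributes a given path is checked for under the configuration above.

```python
import re

# The configuration from this page; the parser strips comments.
AIDE_CONF = r"""
MyRule = p+i+n+u+g+s+b+m+c+md5+sha1
/etc p+i+u+g
/bin MyRule
/sbin MyRule
/var MyRule
!/var/log/.*
!/var/spool/.*
!/var/adm/utmp$
"""

def parse(conf):
    """Return (groups, positive, negative) parsed from aide.conf text."""
    groups, positive, negative = {}, [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line and not line.startswith(("/", "!")):
            name, expr = (part.strip() for part in line.split("=", 1))
            groups[name] = expr
        elif line.startswith("!"):
            negative.append(re.compile(line[1:]))
        else:
            pattern, expr = line.split(None, 1)
            positive.append((re.compile(pattern), expr))
    return groups, positive, negative

def expand(expr, groups):
    """Expand a rule expression such as 'MyRule' into its set of attributes."""
    attrs = set()
    for token in expr.split("+"):
        attrs |= expand(groups[token], groups) if token in groups else {token}
    return attrs

def checked_attributes(path, conf=AIDE_CONF):
    """Attributes recorded for path, or None if the path is not monitored."""
    groups, positive, negative = parse(conf)
    # re.match anchors at the start of the path, like AIDE's implicit '^'.
    if any(rx.match(path) for rx in negative):
        return None
    for rx, expr in positive:
        if rx.match(path):
            return expand(expr, groups)
    return None
```

Under this model `/etc/passwd` is checked for p, i, u and g only, so no checksum is recorded for files in /etc. The directory `/var/log` itself stays monitored while its contents are excluded, and `/var/adm/utmpx` is still checked because the `$` limits the exclusion to `/var/adm/utmp`.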
 

Links