IDS - AIDE

We use AIDE (Advanced Intrusion Detection Environment) for our IDS (Intrusion Detection System).

Here are a few notes on how to set it up.

yum install aide

aide --init
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
aide --check

aide --update

Create a shell script to run the check and e-mail the results:

cat > /var/log/aide/aidechk.sh

#!/bin/sh
# Daily AIDE check: mail the report, then refresh the baseline database.
DATE=$(date +%Y-%m-%d)
echo "$DATE"
REPORT="Aide-$DATE.txt"
echo "$REPORT"
# Use a private work directory rather than predictable file names in /tmp:
# the script runs as root from cron, so world-writable paths are best avoided.
WORK=$(mktemp -d) || exit 1
echo "System check !! $(date)" > "$WORK/$REPORT"
aide --check > "$WORK/aidecheck.txt"
/bin/grep -v failed "$WORK/aidecheck.txt" >> "$WORK/$REPORT"
echo "**************************************" >> "$WORK/$REPORT"
tail -20 "$WORK/aidecheck.txt" >> "$WORK/$REPORT"
echo "****************DONE******************" >> "$WORK/$REPORT"
mail -s "$REPORT $(date)" EMAILADDRESS < "$WORK/$REPORT"
# Refresh the baseline. --update writes aide.db.new.gz, so the new database
# has to be moved into place (as in the initial setup) or the next --check
# keeps comparing against the old one. Note this accepts every reported
# change as the new baseline, so the mailed report is the only record of it.
aide --update
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
rm -rf "$WORK"

Make the script executable:

chmod +x /var/log/aide/aidechk.sh

And add it to your crontab (here: every day at 01:00):

00 01 * * 0-6 /var/log/aide/aidechk.sh
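As an added example that is not part of these notes: a small helper that reads the "Summary:" block of an AIDE report and turns it into counts and an exit status, so a wrapper like the script above can put the verdict in the mail subject and skip the baseline refresh when something changed. The sample report below is constructed to resemble AIDE's report layout, and the exit-code convention (1 added, 2 removed, 4 changed) is taken from AIDE's documented behaviour; both are assumptions, not text from this page.

```shell
# Added example, not part of the original notes: parse the "Summary:" block of
# an AIDE check report so a wrapper can put the verdict in the mail subject and
# refuse to run "aide --update" (which re-baselines the DB) when files changed.

# Constructed sample in the shape of an AIDE report; a real report will differ.
SAMPLE_REPORT='AIDE found differences between database and filesystem!!
Start timestamp: 2024-01-01 01:00:05

Summary:
  Total number of files:  43567
  Added files:            1
  Removed files:          0
  Changed files:          2

---------------------------------------------------
Added files:
---------------------------------------------------

added: /usr/local/bin/unexpected

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /etc/passwd
changed: /etc/ssh/sshd_config'

# aide_counts REPORTFILE -> prints "ADDED REMOVED CHANGED".
# Only summary lines ending in a number count; the section headers
# ("Added files:" with no number) and a "no differences" report give 0 0 0.
aide_counts() {
    awk '/^ *Added files:/   && $NF ~ /^[0-9]+$/ { a = $NF }
         /^ *Removed files:/ && $NF ~ /^[0-9]+$/ { r = $NF }
         /^ *Changed files:/ && $NF ~ /^[0-9]+$/ { c = $NF }
         END { printf "%d %d %d\n", a, r, c }' "$1"
}

# aide_status REPORTFILE -> returns 0 when nothing changed, otherwise the same
# bit mask AIDE itself exits with: 1 = added, 2 = removed, 4 = changed.
aide_status() {
    set -- $(aide_counts "$1")
    return $(( ($1 > 0) | ($2 > 0) * 2 | ($3 > 0) * 4 ))
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_REPORT" > "$tmp"
rc=0; aide_status "$tmp" || rc=$?
echo "counts: $(aide_counts "$tmp") status: $rc"   # counts: 1 0 2 status: 5
rm -f "$tmp"
```

In the cron script this replaces the unconditional `aide --update`: run `aide_status` on aidecheck.txt and only refresh the baseline when it returns 0, so an unexpected change stays visible until someone has looked at it.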
