aide/README.quickstart

1) Customize /etc/aide.conf to your liking. In particular, add
   important directories and files which you would like to be
   covered by integrity checks. Avoid files which are expected
   to change frequently or which don't affect the safety of your
   system.

2) Run "/usr/sbin/aide --init" to build the initial database.
   With the default setup, that creates /var/lib/aide/aide.db.new.gz

3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
   in a secure location, e.g. on separate read-only media (such as
   CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
   of those files in a secure location, so you have means to verify
   that nobody modified those files.

4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
   which is the location of the input database.

5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
   compared with the AIDE database. Prior to running a check manually,
   ensure that the AIDE binary and database have not been modified
   without your knowledge.
   
   Caution! 
   
   With the default setup, an AIDE check is not run periodically as a
   cron job. It cannot be guaranteed that the AIDE binaries, config
   file and database are intact. It is not recommended that you run
   automated AIDE checks without verifying AIDE yourself frequently.
   In addition to that, AIDE does not implement any password or
   encryption protection for its own files.
   
   It is up to you how to put a file integrity checker to good effect
   and how to set up automated checks if you think it adds a level of
   safety (e.g. detecting failed/incomplete compromises or unauthorized
   modification of special files). On a compromised system, the
   intruder could disable the automated check. Or he could replace the
   AIDE binary, config file and database easily when they are not
   located on read-only media.
auto-import changelog data from aide-0.10-0.fdr.0.1.cvs20031104.rh90.src.rpm 0.10-0.fdr.0.1.cvs20031104 - Only tar.gz available upstream. - byacc not needed when bison -y is available. - Installed Russian manual pages. - Updated with changes from CVS (2003-11-04). - getopt patch merged upstream. - bison-1.35 patch incorporated upstream. 0.9-0.fdr.0.2.20030902 - Added fixes for further memleaks. 0.9-0.fdr.0.1.20030902 - Initial package version. 2004-11-08 04:00:58 +00:00			`1) Customize /etc/aide.conf to your liking. In particular, add`
			`important directories and files which you would like to be`
			`covered by integrity checks. Avoid files which are expected`
			`to change frequently or which don't affect the safety of your`
			`system.`

			`2) Run "/usr/sbin/aide --init" to build the initial database.`
			`With the default setup, that creates /var/lib/aide/aide.db.new.gz`

			`3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz`
			`in a secure location, e.g. on separate read-only media (such as`
			`CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures`
			`of those files in a secure location, so you have means to verify`
			`that nobody modified those files.`

			`4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz`
			`which is the location of the input database.`

			`5) Run "/usr/sbin/aide --check" to check your system for inconsistencies`
			`compared with the AIDE database. Prior to running a check manually,`
			`ensure that the AIDE binary and database have not been modified`
			`without your knowledge.`

			`Caution!`

			`With the default setup, an AIDE check is not run periodically as a`
			`cron job. It cannot be guaranteed that the AIDE binaries, config`
			`file and database are intact. It is not recommended that you run`
			`automated AIDE checks without verifying AIDE yourself frequently.`
			`In addition to that, AIDE does not implement any password or`
			`encryption protection for its own files.`

			`It is up to you how to put a file integrity checker to good effect`
auto-import changelog data from aide-0.10-0.fdr.0.2.cvs20031104.1.src.rpm 0.10-0.fdr.0.2.cvs20031104 - Added buildreq m4 to work around incomplete deps of bison package. 2004-11-08 04:01:04 +00:00			`and how to set up automated checks if you think it adds a level of`
auto-import changelog data from aide-0.10-0.fdr.0.1.cvs20031104.rh90.src.rpm 0.10-0.fdr.0.1.cvs20031104 - Only tar.gz available upstream. - byacc not needed when bison -y is available. - Installed Russian manual pages. - Updated with changes from CVS (2003-11-04). - getopt patch merged upstream. - bison-1.35 patch incorporated upstream. 0.9-0.fdr.0.2.20030902 - Added fixes for further memleaks. 0.9-0.fdr.0.1.20030902 - Initial package version. 2004-11-08 04:00:58 +00:00			`safety (e.g. detecting failed/incomplete compromises or unauthorized`
			`modification of special files). On a compromised system, the`
			`intruder could disable the automated check. Or he could replace the`
			`AIDE binary, config file and database easily when they are not`
			`located on read-only media.`