aide/README.quickstart
Super User 68a98f660c RHEL-10.3 ERRATUM
Add aide timer for regular execution of aide
Resolves: RHEL-123520
Support for included files in /etc/aide.d/
Resolves: RHEL-141673
Increase default values for num_workers
Resolves: RHEL-141678
2026-06-04 14:24:33 +02:00


1) Customize /etc/aide.conf to your liking. In particular, add
important directories and files which you would like to be
covered by integrity checks. Avoid files which are expected
to change frequently or which don't affect the safety of your
system.
2) Run "/usr/sbin/aide --init" to build the initial database.
With the default setup, that creates /var/lib/aide/aide.db.new.gz.
3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
in a secure location, e.g. on separate read-only media (such as
CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
of those files in a secure location, so you have means to verify
that nobody modified those files.
4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
which is the location of the input database.
5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
compared with the AIDE database. Prior to running a check manually,
ensure that the AIDE binary and database have not been modified
without your knowledge.
6) To schedule daily integrity checks, enable the systemd timer:
systemctl enable --now aide-check.timer
View results with: journalctl -u aide-check
Check timer status with: systemctl status aide-check.timer
The timer runs daily with low CPU/IO priority to minimize impact
on production workloads. It is disabled by default — only enable
it after initializing the database (steps 2-4).
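Steps 3 and 5 ask you to verify the AIDE binary, config file and database before every check. The POSIX shell script below is an added example, not part of AIDE or this README: it records SHA-256 reference sums right after --init and refuses to run the check if any of those files has changed. The function names, the manifest location and the temporary stand-in files used by demo are assumptions.

```shell
#!/bin/sh
# Added example, not part of AIDE. Records reference SHA-256 sums for the
# AIDE binary, config and database after "aide --init" (step 3) and refuses
# to run "aide --check" if any of them changed (step 5). Function names and
# the manifest location are assumptions.

# Record reference sums: $1 = manifest to write, remaining args = files.
make_manifest() {
    out="$1"; shift
    sha256sum "$@" > "$out"
}

# Compare each file in the manifest against its recorded hash.
# Returns 0 only if every file is present and unchanged.
verify_manifest() {
    manifest="$1"
    status=0
    while read -r expected path; do
        [ -n "$path" ] || continue
        if [ ! -f "$path" ]; then
            echo "MISSING  $path" >&2; status=1; continue
        fi
        actual=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MODIFIED $path" >&2; status=1
        fi
    done < "$manifest"
    return "$status"
}

# Gate the real check on a passing verification (assumed manifest path).
checked_aide_run() {
    manifest="${1:-/media/cdrom/aide.sha256}"
    verify_manifest "$manifest" || { echo "refusing: AIDE files not trusted" >&2; return 1; }
    /usr/sbin/aide --check
}

# Constructed demonstration with temporary stand-ins for the real files.
demo() {
    tmp=$(mktemp -d)
    printf 'binary\n' > "$tmp/aide"
    printf 'config\n' > "$tmp/aide.conf"
    printf 'db\n' > "$tmp/aide.db.gz"
    make_manifest "$tmp/aide.sha256" "$tmp/aide" "$tmp/aide.conf" "$tmp/aide.db.gz"
    verify_manifest "$tmp/aide.sha256" && echo "intact: safe to run aide --check"
    printf 'tampered\n' > "$tmp/aide.db.gz"
    verify_manifest "$tmp/aide.sha256" || echo "tampered: do not run the check"
    rm -rf "$tmp"
}
```

Keep the manifest on the same read-only media as the copies from step 3; a manifest stored on the checked host can be rewritten along with the files it describes.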
Caution!
It cannot be guaranteed that the AIDE binaries, config file and
database are intact. It is not recommended that you run automated
AIDE checks without verifying AIDE yourself frequently. In addition
to that, AIDE does not implement any password or encryption
protection for its own files.
It is up to you how to put a file integrity checker to good effect.
On a compromised system, an intruder could disable the automated
check, or could easily replace the AIDE binary, config file and database
when they are not located on read-only media.