Tag: detect intrusion with aide

Detect Intrusion and Check Linux File System Integrity with AIDE

If you suspect that your system was compromised and files and/or their permissions were modified by the intruder, you can use AIDE to check your file system against some modifications.

AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program. AIDE is used to scan the system when it’s in known good state – it collects information about files and their permissions in the file system and writes gathered information to the database. Once the database is initialized it can be used to verify the integrity of the files in case of some compromise is suspected. All of the usual file attributes can be checked for inconsistencies.

In this tutorial we will show you how to install and deploy AIDE on CentOS/Fedora/RedHat.
Read More