How to install aide centos

-

Introduction

In this tutorial, we will explore how to install and configure AIDE (Advanced Intrusion Detection Environment) on CentOS. AIDE is a powerful tool designed for monitoring changes to files on the system, helping you detect unauthorized access and modifications. 

Ideal for system administrators and security professionals, this guide will provide step-by-step instructions to ensure a successful setup of AIDE on your CentOS system. By the end of this tutorial, you will have a robust intrusion detection system in place, capable of providing detailed reports about the integrity of your files and system security.

What does Aide mean

AIDE is one of the most popular tools for monitoring the server changes in a LINUX based system.  It call as Advanced Intrusion Detection Environment.

Install AIDE on Centos

$ sudo yum install aide
Check AIDE Version on your system
$ sudo aide -v

Configure AIDE

$ sudo cp /etc/aide.conf /etc/aide.conf_BK
Add lines not check /tmp and /proc in aide.conf file
!/tmp
!/proc

Create the database

$ sudo aide --init
$ sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
$ sudo cd /var/lib/aide

Run the AIDE check

$ sudo aide --check

Set cronjob to run AIDE check

$ sudo vi /etc/cron.daily/aide

// The content as below:

#!/bin/bash

MAILTO=root
LOGFILE=/var/log/aide/aide.log
AIDEDIR=/var/lib/aide

/usr/sbin/aide  -u > $LOGFILE
cp $AIDEDIR/aide.db.new.gz $AIDEDIR/aide.db.gz

x=$(grep "Looks okay" $LOGFILE | wc -l)

if [ $x -eq 1 ]
then
    echo "All Systems Look OK" | /bin/mail -s "AIDE OK" $MAILTO
else
    echo "$(egrep "added|changed|removed" $LOGFILE)" | /bin/mail -s "AIDE DETECTED CHANGES" $MAILTO
fi
exit

Change mode aide file

$ sudo chmod 755 /etc/cron.daily/aide

For example, Check log change

$ sudo egrep "added|changed|removed" /var/log/aide/aide.log

How to install aide centos


Conclusion

Successfully installing AIDE on CentOS marks a significant step towards enhancing your system's security. By following the steps outlined in this tutorial, you now have a powerful tool at your disposal to monitor and detect any unauthorized changes to your system files. 

It is essential to regularly update AIDE's database and review the reports generated by AIDE to ensure your system remains secure. With AIDE configured, you can have greater peace of mind knowing that you have proactive measures in place to alert you of potential security breaches. Remember, the key to maintaining a secure system is ongoing vigilance and timely response to any alerts issued by AIDE.

Comments

Post a Comment

Popular posts from this blog

zimbra some services are not running [Solve problem]

-
Introduction How to solved zimbra some services are not running. That after, to installed zimbra mail server. The display a some admin console status red in environment multiple server ( zimbra ldap, zimbra mailbox, zimbra mta etc.). Link to below you maybe likes: How to install and configure zimbra multi server.   How to restrict to user sending mail on zimbra 8.6. How to Restrict Sending to Distribution list in zimbra mail. How to change last login time for all accounts in zimbra ldap. How to zimbra reject authenticated sender login mismatch. Error zimbra some services are not running as bellow Step by step guide the solve problem zimbra some services are not running To restart and enable cron service the permanently. service crond restart chkconfig crond on Opening rsyslog.conf file and uncomment the following. vim /etc/rsyslog.conf Uncomment these two lines $modload imupd $UDPServerRun514   To restart and enable rsyslog service the permanently. servic...
Read more

Bash script list all IP addresses connected to Server with Country Information

-
Introduction This script is designed to list all IP addresses connected to your server, retrieve geographical information for each IP using ipinfo.io , and display the results in a clean format. This guide will walk you through the script, explaining each part in detail, and ensuring you understand how to implement and use it effectively. What is Bash? Bash (Bourne Again Shell) is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. It has since become the default login shell for most Linux distributions. Bash can execute commands, read and execute commands from a file, and provide constructs for condition testing, looping, and functions. Prerequisites A Linux -based server with administrative privileges. Internet connection for accessing ipinfo.io . Basic knowledge of Bash scripting. List all IP addresses connected to Server us Bash Script Running to bash script list all IP addresses connected to Server ./stu...
Read more

Zimbra Client host rejected Access denied fixed

-
Introduction While using Zimbra , you might encounter the "Client host rejected: Access denied" error, which can disrupt your workflow. This is a common issue that can be resolved easily if you understand the causes and the solutions. This article provides a detailed guide on how to fix this error on Zimbra, helping you quickly resume your work smoothly. Zimbra client host rejected Access denied error log Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: NOQUEUE: reject: CONNECT from unknown[192.168.1.113]: 554 5.7.1 <unknown[192.168.1.113]>: Client host rejected: Access denied; proto=SMTP Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: lost connection after CONNECT from unknown[192.168.1.113] Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: disconnect from unknown[192.168.1.113] Allow the network " 192.168.1.0/24 " of client host for zimbraMtaMyNetworks attribute [zimbra@mail ~]$ zmprov ms `zmhostname` zimbraMtaMyNetworks "127.0.0.0/8 192.1...
Read more