tutorial - Quick Configuration of AIDE (Advanced Intrusion Detection Environment)

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Default configuration of aide is quite fine. But we are going to tweak it slightly more.

Send the report

Reports which are created once a day can be sent to a custom address. you need to change the variable MAILTO to which ever address you like. Default is to send them to root on localhost.
To change it, open and edit /etc/default/aide

Configuring aide

Most AIDE configuration is in file /etc/aide/aide.conf. This file is pretty well documented and default rules are descent but we are going to make some slight changes.

AIDE aims at reporting files that changed since the last snapshot (/var/lib/aide/aide.db). A good security measure is to keep that file on a read-only device such as a floppy disk or a cdrom. If your machine has such a device, you could use the snapshot from that device. So let say that you have a copy of aide.db on a cdrom.

To use that snapshot, you could change:
database=file:/var/lib/aide/aide.db
to
database=file:/media/cdrom/aide.db 
instead. That way, if an intruder get into your machine, he won’t be able to modify aide.db.

By default, AIDE checks for changes in Binaries and Libraries directories. Those changes are matched to the BinLib rule, which basically check for any changes in permissions, ownership, modification, access and creation date, size change, md5 and sha1 signature, inode, number of links and block count. Then, it also check for modifications in the log files against the rule Logs. Because log files tends to grow, you cannot use a signature there and you also have to asked aide not to check for size modification (S). Okie, this should be enough to get to understand how aide works. Reading through /etc/aide/aide.conf is a good place to learn more.

To make aide /etc/. To do so, added: /etc ConfFiles in /etc/aide/aide.conf, this will check for changes in /etc/.

Updating aide

aide is run on a daily basis through the script /etc/cron.daily/aide. Default settings in /etc/default/aide tells aide to update it’s database. Using database_out value in /etc/aide/aide.conf, aide is going to output a new database any time it runs in /var/lib/aide/aide.db.new if you kept the default settings.

Any time you will install new packages, change some configuration settings… it will be worth using an up-to-date database so aide won’t report any changes or addition in /etc/mynewsoft, /bin/mynewsoft …
So, when you install new softwares, make some configuration changes …, run:
# /etc/cron.daily/aide
Then, check in the report that modifications were only brought to the files you intended to modify and that added files are only coming from packages you have just installed.

Once you are sure that everything is fine, copy the new database to whatever place your database points to (cdrom, floppy, somewhere on you filesystem….).This way, you will get lighter reports next time aide runs.






Free, facebook, tips, Links, blogging, Downloads, Google, facebookTips, money, news, apps, Social, Media, Website, Tricks, games, Android, software, PIctures, Internet, Security, Web, codes, Review, bloggers, SAMSUNG, Worldwide, Contest, Exitic, Phones, facebookTricks, hacking, London, Olympics, SEO, Youtube, iOS, Adsense, gadgets, iPHONE, widgets, Doodle, twitter, video, Deals, technology, Aircel, Airtel, iPAD, Angry, Birds, BSNL, TechLife, GMAIL, Idea, Microsoft, SmartPhones, Stress, Buster, Windows, Yahoo, Infolinks, Nokia, Scam, Uninor, browsers, Amazon, Euro, CUP, Chat, IDM, JOBS, Modem, Music, Reliance, Results, SSC, Tata, Docomo, bing, freebie, mobile, placements, AIEEE, AlertPay, Chrome, College, Competetive, Exam, Dehradun, Extension, FireFox, GPRS, HTC, IMPACT, Info, MTS, Mark, Zukerberg, Paypal, Promotional, Post, Torrent, UTU, Unlocking, VodaFone, Wall, Paper, apple, books, engineering, iCAR, iTunes, pinterest, rovio, AVG, Admit, Card, Adobe, Affiliate, Marketing, Akhilesh, Amul, Girl, BlackBerry, ChromeBook, Clixsense, Coupon, Digitallife, Discovery, Emoticons, Festival, GATE, GIMP, Income, Tax, International, JSS, JailBreaking, Kindle, Linux, Local, MAX, PAYNE, Mac, Mango, Memory, Speed, Nexus, Online, Shopping, Raakhi, Report, Rising, Stars, Sample, Science, Sony, Syllabus, TabletBooK, Teamviewer, Templates, Dark, Knight, Rises, USA, UPMT, Virgin, Xperia, ZTE, challan, counselling, course, btech, funny, iMOVE, registration

source:http://linuxpoison.blogspot.com/2008/08/13578175806939.html

Labels

Web Search Gmail Google Docs Mobile YouTube Google Maps Google Chrome User interface Tips iGoogle Social Google Reader Traffic Making Devices cpp programming Ads Image Search Google Calendar tips dan trik Google Video Google Translate web programming Picasa Web Albums Blogger Google News Google Earth Yahoo Android Google Talk Google Plus Greasemonkey Security software download info Firefox extensions Google Toolbar Software OneBox Google Apps Google Suggest SEO Traffic tips Book Search API Acquisitions InOut Visualization Web Design Method for Getting Ultimate Traffic Webmasters Google Desktop How to Blogging Music Nostalgia orkut Google Chrome OS Google Contacts Google Notebook SQL programming Google Local Make Money Windows Live GDrive Google Gears April Fools Day Google Analytics Google Co-op visual basic Knowledge java programming Google Checkout Google Instant Google Bookmarks Google Phone Google Trends Web History mp3 download Easter Egg Google Profiles Blog Search Google Buzz Google Services Site Map for Ur Site game download games trick Google Pack Spam cerita hidup Picasa Product's Marketing Universal Search FeedBurner Google Groups Month in review Twitter Traffic AJAX Search Google Dictionary Google Sites Google Update Page Creator Game Google Finance Google Goggles Google Music file download Annoyances Froogle Google Base Google Latitude Google Voice Google Wave Google Health Google Scholar PlusBox SearchMash teknologi unik video download windows Facebook Traffic Social Media Marketing Yahoo Pipes Google Play Google Promos Google TV SketchUp WEB Domain WWW World Wide Service chord Improve Adsence Earning jurnalistik sistem operasi AdWords Traffic App Designing Tips and Tricks WEB Hosting linux How to Get Hosting Linux Kernel WEB Errors Writing Content award business communication ubuntu unik