Questions tagged [aide]

18 questions
4 votes, 1 answer
Auditing in Linux
I am trying to set up a robust auditing mechanism on my CentOS 6.x boxes. I tried and tested various auditing tools like auditd, aide, psacct, but none is fulfilling my requirement. My requirement is quite simple and I know one auditing system…

4 votes, 1 answer
AIDE - How to exclude whole folders?
I've recently installed AIDE on a server of mine after having a run-in with hackers a week or so ago. There doesn't appear to be much documentation around for AIDE, especially on their website. I've found plenty of info on excluding certain file…
asked by goji

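An added illustration of the rule syntax the question is asking about (example config, not the questioner's own nor a file shipped by the AIDE project; the paths and the NORMAL attribute set are assumed). The point to keep in mind is that AIDE selection lines are regular expressions anchored only at the start of the path, so a bare prefix excludes the directory, everything beneath it, and any sibling that happens to share the prefix.

```conf
# /etc/aide.conf fragment (assumed layout; Debian and CentOS packages use these paths)
database=file:/var/lib/aide/aide.db.gz
database_out=file:/var/lib/aide/aide.db.new.gz
gzip_dbout=yes

# Attribute set: perms, inode, link count, owner, size, mtime, ctime, sha256
NORMAL = p+i+n+u+g+s+m+c+sha256

# Positive selection lines: regex (anchored at the start) followed by a rule
/etc    NORMAL
/bin    NORMAL
/usr    NORMAL

# Exclude a whole tree: "!" drops /var/log and everything under it.
# Because the regex is not end-anchored this also drops e.g. /var/logs-old,
# so add a trailing "/" or "$" when a sibling must stay in scope.
!/var/log

# Keep the directory entry itself (permission/owner changes still alert)
# but do not descend into it: the "=" form adds only the matched path.
=/var/spool/mail    NORMAL

# Exclude only files matching a pattern, end-anchored to avoid over-matching
!/var/cache/apt/archives/.*\.deb$
```

After editing the config, regenerate the baseline with `aide --init` and move the new database into place, otherwise the next `aide --check` still compares against rules the old database was built with.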
3 votes, 1 answer
How do I interpret the aide.log change summary?
In the "Changed files" section of /var/log/aide/aide.log there are prefixes on each line starting with f or d. These signify what aspects of the file have changed, but I can't seem to track down what they mean. (Obviously I could look at the detailed…
asked by Alastair Irvine

3 votes, 2 answers
aide --init shows lots of errors
I have a brand new CentOS 6.2 server. The first thing I did is yum -y install aide and then next I did aide --init. Below is a whole lot of errors I got. What does it mean? Must I reinstall it, or leave it? /usr/sbin/prelink: /usr/sbin/lusermod: at…
asked by newbie14

2 votes, 1 answer
Analysis of logwatch and aide file
We have both a logwatch and an aide file. We would like to know how to tell if any intrusion has taken place, as this server was not active for some time. We have quite a number of these entries in the aide files. Does this mean something is wrong…
asked by user132638

2 votes, 0 answers
Does AIDE support scanning memfd files?
Happy to be here with my first question! I am using AIDE for file integrity checking. Today I came across an article which details a technique to run malware droppers without touching the file system, by using memfd. The article can be accessed…
asked by Xuo Guoto

1 vote, 1 answer
SELinux: AIDE trying to access SSSD socket
I'm getting SELinux denials indicating that /usr/sbin/aide is trying to access a socket used by SSSD: the socket path is /var/lib/sss/pipes/nss. Here is the relevant text from sealert: Additional Information: Source Context …
asked by Nester

1 vote, 1 answer
Interpreting flags in AIDE daily report
My question is about the flags displayed by AIDE for each file in daily email reports. For example, for new files it shows the following: f++++++++++++++++: /var/cache/apt/archives/squashfs-tools_1%3a4.4-1ubuntu0.1_amd64.deb I can deduce that f…
asked by Xuo Guoto

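Both this question and the earlier one about the aide.log "Changed files" section ask what the per-line prefix encodes. The following decoder is an added example, not code from either questioner or from the AIDE project. It assumes the 17-column legend `YlZbpugamcinCAXSE` documented in aide.conf(5) for AIDE 0.16 (file type, then link name, size, block count, permissions, uid, gid, atime, mtime, ctime, inode, link count, checksum, ACL, xattrs, SELinux context, e2fs attributes); older releases use a shorter string, so check `man aide.conf` on the host that produced the report. The sample lines are constructed, except the first, which is the one quoted in the question.

```python
"""Decode AIDE 'summarize_changes' report lines (assumed AIDE 0.16 legend)."""
from typing import Dict, List, Tuple

FILE_TYPES = {
    "f": "regular file", "d": "directory", "l": "symbolic link",
    "c": "character device", "b": "block device", "p": "FIFO",
    "s": "UNIX socket", "D": "door", "P": "event port",
}

# Attribute letters in column order after the file-type character.
# Assumption: legend "YlZbpugamcinCAXSE" from aide.conf(5), AIDE 0.16.
ATTR_LEGEND = "lZbpugamcinCAXSE"
ATTR_NAMES = {
    "l": "link name", "Z": "size", "b": "block count", "p": "permissions",
    "u": "uid", "g": "gid", "a": "atime", "m": "mtime", "c": "ctime",
    "i": "inode", "n": "link count", "C": "checksum", "A": "ACL",
    "X": "xattrs", "S": "SELinux context", "E": "e2fs attributes",
}
SUMMARY_WIDTH = 1 + len(ATTR_LEGEND)  # "f" plus 16 attribute columns


def decode_summary(line: str) -> Tuple[str, Dict[str, str], str]:
    """Return (file type, {attribute name: status}, path) for one report line."""
    summary = line[:SUMMARY_WIDTH]
    if len(summary) != SUMMARY_WIDTH or line[SUMMARY_WIDTH:SUMMARY_WIDTH + 2] != ": ":
        raise ValueError(f"not a summarize_changes line: {line!r}")
    path = line[SUMMARY_WIDTH + 2:]
    ftype = FILE_TYPES.get(summary[0], f"unknown ({summary[0]!r})")
    status: Dict[str, str] = {}
    for letter, ch in zip(ATTR_LEGEND, summary[1:]):
        name = ATTR_NAMES[letter]
        if ch == ".":
            status[name] = "unchanged"
        elif ch == " ":
            status[name] = "not compared"      # attribute not in the rule
        elif ch == ":":
            status[name] = "ignored"
        elif ch == "+":
            status[name] = "added"             # whole entry is new
        elif ch == "-":
            status[name] = "removed"           # whole entry is gone
        elif letter == "Z" and ch in "=<>":
            # the size column uses its own symbols instead of its letter
            status[name] = {"=": "unchanged", "<": "shrunk", ">": "grown"}[ch]
        elif ch == letter:
            status[name] = "changed"           # column shows its own letter
        else:
            status[name] = f"unrecognised ({ch!r})"
    return ftype, status, path


def classify(line: str) -> str:
    """'added', 'removed' or 'changed', judged from the attribute columns."""
    cols = set(line[1:SUMMARY_WIDTH])
    if cols == {"+"}:
        return "added"
    if cols == {"-"}:
        return "removed"
    return "changed"


def changed_attributes(line: str) -> List[str]:
    """Names of the attributes AIDE reports as differing from the baseline."""
    _, status, _ = decode_summary(line)
    quiet = {"unchanged", "not compared", "ignored"}
    return [name for name, st in status.items() if st not in quiet]


# Constructed sample lines; the first is the line quoted in the question.
SAMPLE_LINES = [
    "f" + "+" * 16 + ": /var/cache/apt/archives/squashfs-tools_1%3a4.4-1ubuntu0.1_amd64.deb",
    "f =.... mc..C....: /etc/hosts",   # mtime, ctime and checksum differ
    "d =.... mc.. ....: /etc/apt",     # directory: checksum never compared
    "f" + "-" * 16 + ": /etc/cron.d/stale",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        kind, _, where = decode_summary(sample)
        print(f"{classify(sample):7} {kind:14} {where}  {changed_attributes(sample)}")
```

When triaging a daily report, `changed_attributes` is the useful call: a line whose only differences are atime or ctime is usually a backup or package manager touching metadata, while a checksum change on a binary under /usr with no matching package update is the one to chase.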
1 vote, 1 answer
AIDE reporting file additions to folder marked ACL only
I have a server configured with AIDE and I'm trying to tune out false positives. I received an alert this morning that a file had been added to a folder that I believe should only alert on ACL changes, unless I'm misunderstanding something. Here are…
asked by ebarrere

0 votes, 1 answer
Salt-Stack init process after package is installed
Installing AIDE needs to be followed by an init process. aide: pkg: - installed Now the following commands need to run only once: /usr/sbin/aide --config=/etc/aide.conf --init mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz How to manage this…
asked by BdK

0 votes, 1 answer
Cannot run an "initialise" function in Puppet after installing package
OK, I have been working on Puppet for 12 months. I am deploying a manifest to install the "aide" package, but I cannot see any option to trigger the 'initialise' of aide after install of the package. There is no "notify" function on the "package"…

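The Salt and Puppet questions above share the same underlying problem: the two commands that turn a freshly installed AIDE into a usable baseline (`aide --init`, then moving aide.db.new.gz over aide.db.gz) must run exactly once. The script below is an added example, not code from either questioner or from the AIDE, Salt or Puppet projects. It assumes the packaged layout (aide.conf writes `database_out` to aide.db.new.gz under /var/lib/aide, and the live database is aide.db.gz next to it); the paths are overridable through the environment so the logic can be exercised against a stub.

```sh
#!/bin/sh
# aide-init-once.sh: create the AIDE baseline only if none exists yet.
# Assumed paths (override via environment): aide binary, config, db directory.
: "${AIDE_BIN:=/usr/sbin/aide}"
: "${AIDE_CONF:=/etc/aide.conf}"
: "${AIDE_DB_DIR:=/var/lib/aide}"

aide_init_once() {
    db="$AIDE_DB_DIR/aide.db.gz"
    newdb="$AIDE_DB_DIR/aide.db.new.gz"

    # A non-empty live database means the baseline exists. Re-running --init
    # here would silently re-baseline the host, accepting whatever an intruder
    # has already changed, so refuse rather than repeat.
    if [ -s "$db" ]; then
        echo "aide: baseline already present at $db, not re-initialising" >&2
        return 0
    fi

    # Assumes aide.conf points database_out at $newdb (the packaged default).
    "$AIDE_BIN" --config="$AIDE_CONF" --init || {
        echo "aide: --init failed" >&2
        return 1
    }
    [ -s "$newdb" ] || {
        echo "aide: --init produced no database at $newdb" >&2
        return 1
    }
    mv -f "$newdb" "$db" || return 1
    chmod 0600 "$db"    # the baseline is the trust anchor; keep it root-only
    echo "aide: baseline installed at $db" >&2
}

# Only act when explicitly asked, so sourcing the file for its function is safe.
case "${1:-}" in
    init) aide_init_once ;;
esac
```

Configuration management can express the same guard without a script: a Salt `cmd.run` state and a Puppet `exec` resource both accept a `creates` argument naming a path whose existence skips the command, so pointing `creates` at /var/lib/aide/aide.db.gz makes the init step run once and never again, and the database move can be chained the same way.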
0 votes, 3 answers
cron job executing script not writing to file
I have a server running AIDE, and a cron job that executes a bash script and sends an email alert out. It is still a WIP, but I can't get the script to run properly. When the script is executed, my output file defined here /sbin/aide --check >…
asked by popopanda

0 votes, 1 answer
AIDE Self Protection - Best Practices
I set up a pretty simple server and tried to make it secure using some tools and some guidelines which I think are not too bad. I ended up using AIDE, which is fast as an implementation of an intrusion detection system. I perform a daily check which…
asked by maxik

0 votes, 1 answer
Integrity checking vs. audit
In the RHEL5 Security Guide, using AIDE for checking software integrity is recommended, and also the built-in RPM integrity checking functionality. But frequent checking can be resource demanding, and rare checking might not be very useful. On the other hand,…
asked by akalenuk

0 votes, 1 answer
How to install `aide` without `aide-common` in Debian?
Per this post, newer versions of Ubuntu (including 14.04) come with two packages for AIDE: aide, with the aide command and manual page, and little else; aide-common, with a wrapper around that command, configuration files with rules, and cron…
asked by kittygirl