Atlantic.Net Blog

How to Install and Use AIDE in Debian 10

Hitesh Jethva
by Atlantic.Net (272 posts) under Dedicated Server Hosting, Tutorials

AIDE is an advanced intrusion detection system that protects a system against viruses, rootkits, malware, and unauthorized activities. It is a host-based file and directory integrity checker that compares the information and attributes of system files against a database initially created by AIDE. When something on your system changes, an AIDE check compares the database against the actual state of the system and reports the differences to you.

In this post, we will show you how to install and use AIDE on Debian 10.

Prerequisites

  • A fresh Debian 10 server on the Atlantic.Net Cloud Platform
  • A root password configured on your server

Step 1 – Create Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing Debian 10 as the operating system with at least 2GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to your Debian 10 server, run the following command to update your base system with the latest available packages.

apt-get update -y

Step 2 – Install AIDE

By default, AIDE is available in the Debian 10 default repository. You can install it using the following command:

apt-get install aide -y

After the installation, you can verify the AIDE version with the following command:

aide -v

Sample output:

Aide 0.16.1

Compiled with the following options:

WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_MHASH
WITH_AUDIT
CONFIG_FILE = "/dev/null"

Step 3 – Initialize AIDE Database

Before starting, you will need to create a new AIDE database. You can create it with the following command:

aideinit

This will create a new database at /var/lib/aide/aide.db.new:

Running aide --init...
Start timestamp: 2021-07-13 08:53:19 +0000 (AIDE 0.16.1)
AIDE initialized database at /var/lib/aide/aide.db.new
Verbose level: 6

Number of entries:	37719

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new
  RMD160   : EKLJYOgQoxA1T1rDaDwSKPT+zS8=
  TIGER    : ++cPjPggEXIiZPv7/6wxgVw50ddXpE3g
  SHA256   : pa9MXZXSt0Oq80rSeYry1IA6u48mAJ65
             CxhD6wpU0SE=
  SHA512   : sgB/1IhSDZAjJ8kPEbANX0EVc1v/M4BA
             qJh7ab0KY1q+f8QxY3xxDBzpOuLKEl3I
             b1C5px59JEqTy8F8u7oWQQ==
  CRC32    : R/I+2g==
  HAVAL    : 5shLpFN9owhYyjVC9F822TcVDOkXvhv+
             Xt4HSJ28fJs=
  GOST     : u/AioKKAQNB77sCvgUCzc2fJtYWzsM+W
             xG0U1LGPgHQ=


End timestamp: 2021-07-13 08:54:54 +0000 (run time: 1m 35s)

To use the new AIDE database, copy it to the name aide.db, replacing any existing file with that name:

cp /var/lib/aide/aide.db{.new,}

Next, rebuild the AIDE configuration file using the following command:

update-aide.conf

This will create a new configuration file at /var/lib/aide/aide.conf.autogenerated.

Next, copy the new configuration file to the default AIDE config directory:

cp /var/lib/aide/aide.conf.autogenerated /etc/aide/aide.conf

Step 4 – Verify AIDE

At this point, AIDE is installed and configured. Now, it’s time to check whether AIDE works or not.

To do so, create some files inside the /etc directory with the following commands:

echo "How to Install AIDE" > /etc/test
touch /etc/file1.txt

Next, run the AIDE check on the /etc directory to detect the new files:

aide -c /etc/aide/aide.conf --limit /etc --check

You should see the changes detected by AIDE in the following output:

Start timestamp: 2021-07-13 08:58:35 +0000 (AIDE 0.16.1)
AIDE found differences between database and filesystem!!
Limit: /etc | Verbose level: 6

Summary:
  Total number of entries:	37721
  Added entries:		2
  Removed entries:		0
  Changed entries:		1

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /etc/file1.txt
f++++++++++++++++: /etc/test

---------------------------------------------------
Changed entries:
---------------------------------------------------

f >b... mc..C.. .: /etc/aide/aide.conf

---------------------------------------------------
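
The check above can be wired into cron or monitoring by reading AIDE's exit status and the entry lists in its report. The script below is an added example, not part of the original post: the function names aide_status, aide_entries and sample_report are made up here, the exit-status values are the ones documented in aide(1), and the sample input is an excerpt of the output shown above.

```shell
# Decode the exit status of `aide --check` as documented in aide(1):
# 1 = added, 2 = removed, 4 = changed (summed); 14-19 are error codes.
aide_status() {
    rc=$1
    [ "$rc" -eq 0 ] && { echo "clean"; return 0; }
    [ "$rc" -gt 7 ] && { echo "error"; return 0; }
    out=""
    [ $(( $rc & 1 )) -ne 0 ] && out="$out added"
    [ $(( $rc & 2 )) -ne 0 ] && out="$out removed"
    [ $(( $rc & 4 )) -ne 0 ] && out="$out changed"
    echo "${out# }"
}

# Read an AIDE report on stdin and print "<kind> <path>" for each entry.
aide_entries() {
    awk '
        /^Added entries:/       { kind = "added";   next }
        /^Removed entries:/     { kind = "removed"; next }
        /^Changed entries:/     { kind = "changed"; next }
        /^Detailed information/ { kind = "" }  # per-file detail follows
        kind != "" && (i = index($0, ": /")) > 0 { print kind, substr($0, i + 2) }
    '
}

# Excerpt of the check output shown above, used as sample input.
sample_report() {
    cat <<'EOF'
Summary:
  Total number of entries: 37721
  Added entries: 2
  Removed entries: 0
  Changed entries: 1

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /etc/file1.txt
f++++++++++++++++: /etc/test

---------------------------------------------------
Changed entries:
---------------------------------------------------

f >b... mc..C.. .: /etc/aide/aide.conf
EOF
}

sample_report | aide_entries   # three lines: two added, one changed
aide_status 5                  # 1 (added) + 4 (changed) -> "added changed"
```

On a real host, capture the status immediately after the check, for example `aide -c /etc/aide/aide.conf --limit /etc --check > report.txt; aide_status $?`.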

If you want to add the new files to the AIDE database, run an update with the same configuration file used for the check:

aide -c /etc/aide/aide.conf --update

To use the new database for future scans, rename the newly created database /var/lib/aide/aide.db.new to /var/lib/aide/aide.db:

mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Step 5 – Configure AIDE to Alert via Email

You can also configure AIDE to send a daily report by email. You can do it by editing the file /etc/default/aide:

nano /etc/default/aide

Find the following line:

MAILTO=root

Replace it with the following line, using your own email address in place of the example.com placeholder:

MAILTO=your-address@example.com

Save and close the file, then edit the /etc/aliases file:

nano /etc/aliases

Add the following line, using your own email address in place of the example.com placeholder:

root:   your-address@example.com

Save and close the file, then update the aliases with the following command:

newaliases

Conclusion

In the above guide, you learned how to install and use AIDE on Debian 10. You can now implement AIDE on your production server to protect it from viruses, rootkits, and malware. You can use AIDE on your dedicated server from Atlantic.Net.
