Atlantic.Net Blog

How to Install and Use AIDE in Oracle Linux 8

AIDE (Advanced Intrusion Detection Environment) is a free and open-source file integrity monitoring tool for Linux-based systems. It records a baseline of your filesystem in a database, reports any later changes against that baseline, and, when run from a scheduled job, can notify you of them via email. It uses several algorithms, including md5, sha1, rmd160, and tiger, to check file integrity. Generally, AIDE checks file permissions, inodes, modification time, file contents, user, group, file size, and more.

In this post, we will explain how to install and use AIDE on Oracle Linux 8.

Step 1 – Install AIDE

By default, the AIDE package is included in the Oracle Linux 8 default repository. You can install it by just running the following command:

dnf install aide -y

After the successful installation, you can see the AIDE package information using the following command:

rpm -qi aide

You should see the AIDE package information in the following output:

Name        : aide
Version     : 0.16
Release     : 14.el8_5.1
Architecture: x86_64
Install Date: Thursday 01 September 2022 08:39:20 AM EDT
Group       : Unspecified
Size        : 374719
License     : GPLv2+
Signature   : RSA/SHA256, Monday 07 February 2022 05:50:45 AM EST, Key ID 82562ea9ad986da3
Source RPM  : aide-0.16-14.el8_5.1.src.rpm
Build Date  : Monday 07 February 2022 05:14:29 AM EST
Build Host  : build-ol8-x86_64.oracle.com
Relocations : (not relocatable)
Vendor      : Oracle America
URL         : http://sourceforge.net/projects/aide
Summary     : Intrusion detection environment
Description :
AIDE (Advanced Intrusion Detection Environment) is a file integrity
checker and intrusion detection program.

Step 2 – Initialize the AIDE Database

After installing AIDE, you will need to create a database for your current system state. You can create it with the following command:

aide --init

Once the AIDE database is created, you will get the following output:

Start timestamp: 2022-09-01 08:41:55 -0400 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz

Number of entries:	120136

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new.gz
  MD5      : HrRHisua7lg4j9+Age/DDA==
  SHA1     : E96LC//yREmtEYUbjhI3Q5I//r8=
  RMD160   : bxdClGATptUZyMcmMOk/yiOWAbY=
  TIGER    : YPZ5DlnYs1b1rlAfL9XXou7d4VwxsNyJ
  SHA256   : Ys9VwAjaNQweueE8q8K276T16o/y9GY/
             jUhvHS68IOg=
  SHA512   : Ra6uKNRCCvXc3NRQvPcARkaGaEvF6qr9
             1qOZtJUsw24ksp416FX1FYVgN3r6Yo+3
             52IebFgabo6s7pDuJvv2Fg==


End timestamp: 2022-09-01 08:42:25 -0400 (run time: 0m 30s)

AIDE writes the new database to aide.db.new.gz but reads its baseline from aide.db.gz, so copy the newly created database into place as the master database with the following command:

cp -p /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Next, verify the AIDE configuration using the following command:

aide -D

Next, check your system against the baseline database with the following command:

aide --check

You will get the following output:

Start timestamp: 2022-09-01 08:44:04 -0400 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!

Number of entries:	120136

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.gz
  MD5      : HrRHisua7lg4j9+Age/DDA==
  SHA1     : E96LC//yREmtEYUbjhI3Q5I//r8=
  RMD160   : bxdClGATptUZyMcmMOk/yiOWAbY=
  TIGER    : YPZ5DlnYs1b1rlAfL9XXou7d4VwxsNyJ
  SHA256   : Ys9VwAjaNQweueE8q8K276T16o/y9GY/
             jUhvHS68IOg=
  SHA512   : Ra6uKNRCCvXc3NRQvPcARkaGaEvF6qr9
             1qOZtJUsw24ksp416FX1FYVgN3r6Yo+3
             52IebFgabo6s7pDuJvv2Fg==


End timestamp: 2022-09-01 08:44:27 -0400 (run time: 0m 23s)

Step 3 – Verify AIDE

At this point, AIDE is installed and initialized. Next, create some files and a directory on your system, then check whether AIDE detects the changes.

First, create some files and a directory, then run the check:

touch file1.txt file2.txt
mkdir test
aide --check

You should get detailed information about changes in the following output:

---------------------------------------------------

Directory: /root
  Linkcount: 3                                | 4


---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /etc/file1.txt
f++++++++++++++++: /etc/file2.txt
f++++++++++++++++: /etc/test

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.gz
  MD5      : HrRHisua7lg4j9+Age/DDA==
  SHA1     : E96LC//yREmtEYUbjhI3Q5I//r8=
  RMD160   : bxdClGATptUZyMcmMOk/yiOWAbY=
  TIGER    : YPZ5DlnYs1b1rlAfL9XXou7d4VwxsNyJ
  SHA256   : Ys9VwAjaNQweueE8q8K276T16o/y9GY/
             jUhvHS68IOg=
  SHA512   : Ra6uKNRCCvXc3NRQvPcARkaGaEvF6qr9
             1qOZtJUsw24ksp416FX1FYVgN3r6Yo+3
             52IebFgabo6s7pDuJvv2Fg==

/var/lib/aide/aide.db.new.gz
  MD5      : 5wuA8hCUYqQCrMwlx6/nYg==
  SHA1     : JTt9qJDtIG6/qHa3eVuB1nXz6Kw=
  RMD160   : 4GFuJ9U31dq5dXX9v4L6AhhrJMk=
  TIGER    : mZY55DEZQ5QnIhf7g8U4CimJ+uv/CmOT
  SHA256   : VNySUFAutZ1+PADn7gWjdogwo2vsAbb2
             Xw5Q/9lvU2A=
  SHA512   : u2KrVpQjk0YNg1uUcnzvqyhpX30UwyOH
             Vq6oIFAaLfs6trdwSp/ZymoVIsw4U+d7
             VLnngfdYUcihoDMLPsj5qA==


End timestamp: 2022-09-01 08:45:56 -0400 (run time: 0m 26s)
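
The report above can be reduced to one line per entry for logging or alerting. The following is an added example, not part of the original post or of AIDE itself; the sample report is constructed, and the "Removed entries:" and "Changed entries:" headers are assumed to follow the "Added entries:" layout shown above.

```shell
#!/bin/sh
# Added example: turn an AIDE report (stdin) into "<kind> <path>" lines.
# Only "Added entries:" appears on this page; the other two section
# headers are assumed to use the same layout.
aide_report_entries() {
    awk '
        /^Added entries:/   { kind = "added";   next }
        /^Removed entries:/ { kind = "removed"; next }
        /^Changed entries:/ { kind = "changed"; next }
        # Any other section header ends the current entry list.
        /^[A-Z][A-Za-z() ]*:[ \t]*$/ { kind = ""; next }
        # Skip separator rules and blank lines.
        /^-+$/ || /^[ \t]*$/ { next }
        kind != "" {
            i = index($0, ": /")     # the flags column ends at ": /path"
            if (i > 0) print kind, substr($0, i + 2)
        }
    '
}

aide_report_counts() {
    aide_report_entries | awk '{ n[$1]++ }
        END { printf "added=%d removed=%d changed=%d\n", n["added"], n["removed"], n["changed"] }'
}

sample_report() {   # constructed sample, modelled on the output above
    cat <<'EOF'
---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /etc/file1.txt
d++++++++++++++++: /etc/test

---------------------------------------------------
Changed entries:
---------------------------------------------------

f   ...    .C... : /etc/hosts

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.gz
  MD5      : /constructed+not+a+digest==
EOF
}
```

Against a real run, pipe the report in with aide --check | aide_report_counts.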

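Once you have reviewed the reported changes and confirmed they are expected, you can update your AIDE database using the following command. As with the initial database in Step 2, the updated database is written to /var/lib/aide/aide.db.new.gz and only becomes the baseline once it is copied over /var/lib/aide/aide.db.gz: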

aide --update

Step 4 – Set Up AIDE Cron and Email Notification

A pre-configured cron script, available from rfxn.com, runs AIDE and notifies you via email whenever any changes occur in your system. The script will run as root from cron, so read through it after downloading. You can download it with the following command:

wget https://rfxn.com/downloads/cron.aide -O aide_cron.sh

Next, set execution permissions on the downloaded script with the following command:

chmod +x aide_cron.sh

Next, edit the downloaded script file and define your email address to receive the email notification:

nano aide_cron.sh

Change the following line, replacing the placeholder your-address@example.com with your own address:

email="root@localhost,your-address@example.com"

Save and close the file, then edit the Cron file:

crontab -e

Add the following line, using the full path to your script, to create a Cron job that runs every day at 01:00:

00 01 * * * /root/aide_cron.sh

Save and close the file when you finish.
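
If you prefer to see exactly what the scheduled job does, a short wrapper can decide when to send mail from the exit status of aide --check. This is an added example, not the rfxn.com script and not part of the original post; the MAILTO variable and the script path are hypothetical, and it assumes a mail command (mailx) is installed.

```shell
#!/bin/sh
# Added example (not the rfxn.com script): run `aide --check` from cron and
# mail the report only when the exit status says something needs attention.
MAILTO="${MAILTO:-root@localhost}"   # hypothetical setting, override as needed

# Per aide(1): 0 = no differences; after --check the status is a bitmask of
# 1 (added), 2 (removed), 4 (changed); 14 and above mean AIDE itself failed.
aide_status_text() {
    rc=$1
    case "$rc" in ''|*[!0-9]*) echo "invalid"; return 0 ;; esac
    if [ "$rc" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$rc" -ge 14 ]; then echo "error($rc)"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "unknown($rc)"; return 0; fi
    out=""
    if [ $((rc & 1)) -ne 0 ]; then out="added"; fi
    if [ $((rc & 2)) -ne 0 ]; then out="${out:+$out,}removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then out="${out:+$out,}changed"; fi
    echo "$out"
}

run_aide_check() {
    report=$(mktemp) || return 1
    aide --check >"$report" 2>&1
    rc=$?
    if [ "$rc" -ne 0 ]; then
        # An AIDE error (missing database, bad config) is mailed as well:
        # a check that silently stops running looks the same as a clean host.
        mail -s "AIDE $(hostname): $(aide_status_text "$rc")" "$MAILTO" <"$report"
    fi
    rm -f "$report"
    return "$rc"
}

# Cron entry point: /root/aide_check.sh --run   (path is hypothetical)
if [ "${1:-}" = "--run" ]; then run_aide_check; fi
```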

Conclusion

In this post, we explained how to install AIDE on Oracle Linux 8. We also showed you how to use AIDE to monitor system changes and receive an email notification. You can now try AIDE on dedicated hosting from Atlantic.Net!
