一,官方網站:
https://aide.github.io/程式碼站:
https://github.com/aide/aide二,安裝aide
1,用yum從命令列安裝
[root@192 ~]# yum install aide 2,檢視版本:
[root@192 ~]# aide -v
Aide 0.16
Compiled with the following options:
WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_CURL
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"3,檢視程式的路徑:
[root@192 ~]# whereis aide
aide: /usr/sbin/aide /usr/share/man/man1/aide.1.gz三,建立初始資料庫:
[root@192 ~]# aide --init
Start timestamp: 2024-09-17 05:33:26 +0800 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz
Number of entries: 49504
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.new.gz
MD5 : s6JPFHOBwBTL4JxPuSpnZA==
SHA1 : WOZbbjCDrrqWP6MiSh1CrRD4GBw=
RMD160 : +X9Ca2B68tePAa5Jqq1AcwMuFXM=
TIGER : 2IRGzEO9kw1niAdDs7tGhVE063k+UQGT
SHA256 : 1wIkPW7DVdz1zluvV3JhYe1M7VrO8kAl
uyLW9y7TQiA=
SHA512 : z4vSgWmQKOnyjIANbKXa9JqKQTAADM5+
DNwMfwoAFAT91J/HUMKwjFcZdGqBd2IR
RleYiV/A2qq+GmCUWByX1Q==
End timestamp: 2024-09-17 05:34:05 +0800 (run time: 0m 39s)可以看到資料庫檔案的路徑:
[root@192 ~]# ll /var/lib/aide/aide.db.new.gz
-rw-------. 1 root root 2781471 Sep 17 05:34 /var/lib/aide/aide.db.new.gz四,執行aide
1,生成資料庫,使aide執行時可以讀取
[root@192 ~]# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz2,手動執行:
[root@192 ~]# aide --check
Start timestamp: 2024-09-17 06:17:43 +0800 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!
Number of entries: 49504
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.gz
MD5 : s6JPFHOBwBTL4JxPuSpnZA==
SHA1 : WOZbbjCDrrqWP6MiSh1CrRD4GBw=
RMD160 : +X9Ca2B68tePAa5Jqq1AcwMuFXM=
TIGER : 2IRGzEO9kw1niAdDs7tGhVE063k+UQGT
SHA256 : 1wIkPW7DVdz1zluvV3JhYe1M7VrO8kAl
uyLW9y7TQiA=
SHA512 : z4vSgWmQKOnyjIANbKXa9JqKQTAADM5+
DNwMfwoAFAT91J/HUMKwjFcZdGqBd2IR
RleYiV/A2qq+GmCUWByX1Q==
End timestamp: 2024-09-17 06:17:57 +0800 (run time: 0m 14s)4,檢視日誌目錄:
可以看到檢查報告所在的路徑是 /var/log/aide/aide.log
[root@192 ~]# more /etc/aide.conf
# Example configuration file for AIDE.
@@define DBDIR /var/lib/aide
@@define LOGDIR /var/log/aide
# The location of the database to be read.
database=file:@@{DBDIR}/aide.db.gz
# The location of the database to be written.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:@@{DBDIR}/aide.db.new.gz
# Whether to gzip the output to database
gzip_dbout=yes
# Default.
verbose=5
report_url=file:@@{LOGDIR}/aide.log
report_url=stdout 5,加入cron
[root@192 ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab命令:
[root@192 ~]# crontab -l
05 4 * * * /usr/sbin/aide --check