AIDE to the Rescue -- An Open Source Security Tool
By Arthur Messenger, February 06, 2003
The Advanced Intrusion Detection System (AIDE) is a multi-platform, open source, GPL-licensed replacement for Tripwire. Both tools monitor for system intrusions by building an initial database and then running file integrity checks against that database. AIDE came about because the original author, Rami Lehti, wanted to get past some of Tripwire's limitations. He didn't have the source for Tripwire, so he rewrote it from scratch. Lehti runs a CVS server over the Internet to take full advantage of the worldwide pool of programmers available to develop applications. In this article, we will look at AIDE installation and configuration, comparing it to Tripwire as necessary. If you decide to use AIDE, you must read the man pages (man aide and man aide.conf) for the program; this article complements the documentation there.
Listing 2 Selection codes
p: permissions
i: inode
n: number of links
u: user
g: group
s: size
m: mtime
a: atime
c: ctime
S: check for growing size
md5: md5 checksum
sha1: sha1 checksum
rmd160: rmd160 checksum
tiger: tiger checksum
R: p+i+n+u+g+s+m+c+md5
L: p+i+n+u+g
E: Empty group
>: Growing logfile p+u+g+i+n+S
crc32: crc32 checksum
haval: haval checksum
gost: gost checksum
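To see what a rule built from the codes in Listing 2 actually checks, the following sketch expands a selection expression into its atomic codes. It is an added example, not part of AIDE or of the original article; the function names `expand` and `audit` and the sample expressions are assumptions, and the `-` operator follows the group syntax described in man aide.conf.

```python
import re

# Atomic selection codes and checksum codes, as given in Listing 2.
CHECKSUMS = {"md5", "sha1", "rmd160", "tiger", "crc32", "haval", "gost"}
ATOMS = {"p", "i", "n", "u", "g", "s", "m", "a", "c", "S"} | CHECKSUMS

# Predefined groups from Listing 2, written as expressions over the atoms.
GROUPS = {
    "R": "p+i+n+u+g+s+m+c+md5",
    "L": "p+i+n+u+g",
    "E": "",
    ">": "p+u+g+i+n+S",
}

def expand(expr, groups=GROUPS):
    """Resolve a selection expression to the set of atomic codes it checks."""
    selected, op = set(), "+"
    for tok in re.split(r"([+-])", expr.replace(" ", "")):
        if tok in ("+", "-"):
            op = tok
            continue
        if tok == "":
            continue                      # empty expression, e.g. group E
        if tok in ATOMS:
            terms = {tok}
        elif tok in groups:
            terms = expand(groups[tok], groups)   # groups may nest
        else:
            raise ValueError(f"unknown selection code: {tok!r}")
        selected = selected - terms if op == "-" else selected | terms
    return selected

def audit(expr, groups=GROUPS):
    """Return (all codes, checksum codes) selected by a rule.

    An empty checksum set means the rule compares metadata only.
    """
    attrs = expand(expr, groups)
    return attrs, attrs & CHECKSUMS

if __name__ == "__main__":
    # Constructed sample expressions, not taken from a real aide.conf.
    for rule in ("R", "L", ">", "R-md5+sha1", "L+rmd160"):
        attrs, sums = audit(rule)
        note = ", ".join(sorted(sums)) if sums else "none (metadata only)"
        print(f"{rule:12} -> {'+'.join(sorted(attrs)):32} checksums: {note}")
```

Running it shows that L and > select no checksum at all, so a rule using them compares only the listed attributes, while R can be rebased onto a different hash by subtracting md5 and adding another code.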