InformationAdvanced Intrusion Detection Environment (AIDE) is a intrusion detection tool that uses predefined rules to check the integrity of files and directories in the Linux operating system. AIDE has its own database to check the integrity of files and directories.
AIDE takes a snapshot of files and directories including modification times, permissions, and file hashes which can then be used to compare against the current state of the filesystem to detect modifications to the system.
By monitoring the filesystem state compromised files can be detected to prevent or limit the exposure of accidental or malicious misconfigurations or modified binaries.
SolutionRun the following command to install AIDE:
# dnf install aide
Configure AIDE as appropriate for your environment. Consult the AIDE documentation for options.
Run the following commands:
# aide --init
# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz