一,官方网站:
https://aide.github.io/
代码站:
https://github.com/aide/aide
二,安装aide
1,用yum从命令行安装
[root@192 ~]# yum install aide
2,查看版本:
[root@192 ~]# aide -v
Aide 0.16
Compiled with the following options:
WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_CURL
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"
3,查看程序的路径:
[root@192 ~]# whereis aide
aide: /usr/sbin/aide /usr/share/man/man1/aide.1.gz
三,创建初始数据库(基线记录的是执行时的文件状态,应在确认系统干净时执行):
[root@192 ~]# aide --init
Start timestamp: 2024-09-17 05:33:26 +0800 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz
Number of entries: 49504
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.new.gz
MD5 : s6JPFHOBwBTL4JxPuSpnZA==
SHA1 : WOZbbjCDrrqWP6MiSh1CrRD4GBw=
RMD160 : +X9Ca2B68tePAa5Jqq1AcwMuFXM=
TIGER : 2IRGzEO9kw1niAdDs7tGhVE063k+UQGT
SHA256 : 1wIkPW7DVdz1zluvV3JhYe1M7VrO8kAl
uyLW9y7TQiA=
SHA512 : z4vSgWmQKOnyjIANbKXa9JqKQTAADM5+
DNwMfwoAFAT91J/HUMKwjFcZdGqBd2IR
RleYiV/A2qq+GmCUWByX1Q==
End timestamp: 2024-09-17 05:34:05 +0800 (run time: 0m 39s)
查看生成的数据库文件,可以看到它的路径,且权限为仅root可读写:
[root@192 ~]# ll /var/lib/aide/aide.db.new.gz
-rw-------. 1 root root 2781471 Sep 17 05:34 /var/lib/aide/aide.db.new.gz
四,运行aide
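1,把新生成的数据库改名为aide.db.gz,即配置文件中database=指定的读取路径,aide检查时才能读取到基线。
基线数据库和被检查的文件在同一台机器上,取得root权限的入侵者可以改写它,建议另存一份副本到只读或离线介质,并记下上面输出的SHA256/SHA512值用于日后核对。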
[root@192 ~]# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
2,手动运行:
[root@192 ~]# aide --check
Start timestamp: 2024-09-17 06:17:43 +0800 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!
Number of entries: 49504
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.gz
MD5 : s6JPFHOBwBTL4JxPuSpnZA==
SHA1 : WOZbbjCDrrqWP6MiSh1CrRD4GBw=
RMD160 : +X9Ca2B68tePAa5Jqq1AcwMuFXM=
TIGER : 2IRGzEO9kw1niAdDs7tGhVE063k+UQGT
SHA256 : 1wIkPW7DVdz1zluvV3JhYe1M7VrO8kAl
uyLW9y7TQiA=
SHA512 : z4vSgWmQKOnyjIANbKXa9JqKQTAADM5+
DNwMfwoAFAT91J/HUMKwjFcZdGqBd2IR
RleYiV/A2qq+GmCUWByX1Q==
End timestamp: 2024-09-17 06:17:57 +0800 (run time: 0m 14s)
4,查看检查报告的路径:
查看配置文件,由LOGDIR和report_url可以看到检查报告所在的路径是 /var/log/aide/aide.log(同时也会输出到stdout)
[root@192 ~]# more /etc/aide.conf
# Example configuration file for AIDE.
@@define DBDIR /var/lib/aide
@@define LOGDIR /var/log/aide
# The location of the database to be read.
database=file:@@{DBDIR}/aide.db.gz
# The location of the database to be written.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:@@{DBDIR}/aide.db.new.gz
# Whether to gzip the output to database
gzip_dbout=yes
# Default.
verbose=5
report_url=file:@@{LOGDIR}/aide.log
report_url=stdout
5,加入cron
[root@192 ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
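编辑保存后,用crontab -l查看已添加的定时任务(每天4:05执行一次检查)。
注意:系统正常升级或修改配置后文件会发生变化,需要在确认变更合法后用 aide --update 重新生成数据库并替换aide.db.gz,否则每次报告都会包含这些差异,真正的异常容易被淹没。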
[root@192 ~]# crontab -l
05 4 * * * /usr/sbin/aide --check