
Tips and tricks: How do I check the software integrity on Red Hat Enterprise Linux 5?

by the editorial team

Red Hat® Enterprise Linux® 5 ships with an integrity-checking tool called AIDE. AIDE provides a general strategy for implementing integrity checking so that intrusions can be detected after they have occurred.

To install AIDE, use the following command:

# yum install aide

To configure AIDE, customize /etc/aide.conf to meet the requirements of the system. For more detailed information about the AIDE configuration file, refer to the aide.conf man page.

To generate a new database and install it on the AIDE system:

# aide --init
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

By default, the program creates a new file, aide.db.new.gz, in the /var/lib/aide/ directory. This must be installed on the system manually by using the copy command. Typically, the system administrator should create an AIDE database on a new system before the system is connected to any network.

To check for inconsistencies between the current system and the AIDE database, run the following command:

# aide --check

or

# aide

If the check produces any unexpected output, investigate and fix it as soon as possible.

The aide command can also be run as a crontab job to do periodic integrity checking.
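
The periodic check described above, written as a cron wrapper (an added example, not part of the original article). It assumes the exit-status convention from the aide(1) man page and an aide binary at /usr/sbin/aide; the function names, the syslog tag and the script path in the crontab comment are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original article: cron wrapper for "aide --check".
# Assumes the exit status documented in aide(1) for --check:
#   1 = entries added, 2 = removed, 4 = changed (summed); 14-19 = AIDE errors.

AIDE_BIN="${AIDE_BIN:-/usr/sbin/aide}"   # assumed path; override via environment

# Print a one-line verdict for an "aide --check" exit status.
describe_aide_status() {
    local rc="$1" findings=""
    if [ "$rc" -eq 0 ]; then
        echo "OK: no differences from the database"
    elif [ "$rc" -gt 7 ]; then
        # The check itself failed, so the absence of findings proves nothing.
        echo "ERROR: aide exit status $rc, check did not complete"
    else
        if [ $((rc & 1)) -ne 0 ]; then findings="$findings added"; fi
        if [ $((rc & 2)) -ne 0 ]; then findings="$findings removed"; fi
        if [ $((rc & 4)) -ne 0 ]; then findings="$findings changed"; fi
        echo "ALERT: entries$findings"
    fi
}

# Run the check. Print nothing on a clean result so that cron only sends
# mail when there is something to investigate; always leave a syslog line.
run_check() {
    local report verdict rc=0
    report="$("$AIDE_BIN" --check 2>&1)" || rc=$?
    verdict="$(describe_aide_status "$rc")"
    logger -t aide-check -p authpriv.notice "$verdict" 2>/dev/null || true
    if [ "$rc" -ne 0 ]; then
        printf '%s\n\n%s\n' "$verdict" "$report"
    fi
    return "$rc"
}

# Entry point for cron, e.g. in root's crontab (constructed schedule and path):
#   30 4 * * * /usr/local/sbin/aide-check.sh --run
if [ "${1:-}" = "--run" ]; then
    run_check
    exit $?
fi
```

Treating any status above 7 as a failed check matters because a run that aborts on a configuration or I/O error reports no differences at all.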

Red Hat’s customer service and support teams receive technical support questions from users all over the world. Red Hat technicians add the questions and answers to Red Hat Knowledgebase on a daily basis. Access to Red Hat Knowledgebase is free. Red Hat Magazine offers a preview into the Red Hat Knowledgebase by highlighting some of the most recent entries. The information provided in this article is for your information only. The origin of this information may be internal or external to Red Hat. While Red Hat attempts to verify the validity of this information before it is posted, Red Hat makes no express or implied claims to its validity.

5 responses to “Tips and tricks: How do I check the software integrity on Red Hat Enterprise Linux 5?”

  1. Anindra says:

    A good piece of software. But what is the concern in connecting the new system to the network before creating the database? For instance, if I install a system over the network using kickstart + NFS or FTP, is there any major risk to the proper functioning of the software?

  2. Jerome says:

    …And what happens if the “aide.db.gz” is cracked or if some bad guys re-run “aide --update”? It seems there is no encryption for the database, no read-only protection, etc…
    It’s a good start but not sufficient for paranoids.

  3. David says:

    Sounds pretty good.
    Keeping the database in a remote place that can be accessed in ro may be safer though.

  4. Sklav says:

    I think this is a great tool and simple to set up. As for the paranoid people, you can always encrypt the file or use chattr on the file or keep a copy off site. I kinda like the simplicity in setting it up and the versatility.

  5. Basavraj says:

    Sir, it is very good software with which we can check other software, but I wanted to know: is it free software, or are there any extra charges for it?
