aide

aide

aide source code

Stars: 484

Visit
 screenshot

AIDE (Advanced Intrusion Detection Environment) is a tool for monitoring file system changes. It can be used to detect unauthorized changes to monitored files and directories. AIDE was written to be a simple and free alternative to Tripwire. Features currently included in AIDE are as follows: o File attributes monitored: permissions, inode, user, group file size, mtime, atime, ctime, links and growing size. o Checksums and hashes supported: SHA1, MD5, RMD160, and TIGER. CRC32, HAVAL and GOST if Mhash support is compiled in. o Plain text configuration files and database for simplicity. o Rules, variables and macros that can be customized to local site or system policies. o Powerful regular expression support to selectively include or exclude files and directories to be monitored. o gzip database compression if zlib support is compiled in. o Free software licensed under the GNU General Public License v2.

README:

         AIDE - Advanced Intrusion Detection Environment
        -------------------------------------------------
                          Version 0.18

This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.

This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extend permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


Introduction
------------

AIDE is a tool for monitoring file system changes. It can be used
to detect unauthorized monitored files and directories. AIDE was
written to be a simple and free alternative to Tripwire. Features
currently included in AIDE are as follows:

    o  File attributes monitored: permissions, inode, user, group
       file size, mtime, atime, ctime, links and growing size.
    o  Checksums and hashes supported: SHA1, MD5, RMD160, and TIGER.
       CRC32, HAVAL and GOST if Mhash support is compiled in.
    o  Plain text configuration files and database for simplicity.
    o  Rules, variables and macros that can be customized to local
       site or system policies.
    o  Powerful regular expression support to selectively include or
       exclude files and directories to be monitored.
    o  gzip database compression if zlib support is compiled in.
    o  Free software licensed under the GNU General Public License v2.

The homepage of AIDE is https://aide.github.io

Current Version
---------------

AIDE is currently maintained on GitHub.

Please visit https://github.com/aide/aide/ to get the newest version of
the source code.

Documentation
-------------

The documentation for AIDE can be found in the doc/ directory.

Installation
------------

If you are using a git version of the source you need to generate the
configuration files first:

    $ sh ./autogen.sh

For generic installation instructions please see the INSTALL file
(generated by autogen.sh).

In short, just type:
    $ ./configure
    $ make
    $ make install

See './configure --help' for the available configuration options.

For AIX 5.3 it has been reported there is a problem with using mhash
which causes an "Undefined symbol: .rpl_malloc" error. This is a problem
in mhash_config.h which can be fixed by removing the line that reads
#define malloc rpl_malloc

Dynamic versus Static Linking
-----------------------------

Formerly aide was linked statically by default to reduce the attack vector
of compromised shared libraries and to ease client/server monitoring
configurations. However an attacker could still simply replace the
statically linked binary, tamper the database file or use dynamically
loaded kernel modules to change the behaviour of AIDe.

These days many Linux distributions (eg Centos/Oracle Linux), operating
systems (eg Mac OS/OpenSolaris) and libaries have dropped support for
static linking.

Hence starting with releae v0.18 AIDE is linked dynamically by default.

To re-enable static linking use '--enable-static' when configuring AIDE.

Source Code Verification
------------------------

We highly recommend checking that the version of AIDE downloaded and
installed is an original and unmodified one. You can either verify the
source tarball or the git tag.

To check the supplied signature with GnuPG:

  $ gpg --verify aide-<VERSION_NUMBER>.tar.gz.asc

This checks that the detached signature file is indeed a signature
of aide-<VERSION_NUMBER>.tar.gz.

To validate the gpg signature of the git tag:

  $ git verify-tag v<VERSION_NUMBER>

The current public key needed for signature verification is:

    pub   4096R/68E7B931 2011-06-28 [expires: 2025-06-27]
    uid                  Hannes von Haugwitz <[email protected]>

If you do not have this key, you can get it from one of the well known PGP
key servers. You have to make sure that the key you install is not a faked
one. You can do this with reasonable assurance by comparing the output of:

  $ gpg --fingerprint 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931

with the fingerprint published elsewhere.

Requirements
------------

AIDE requires the following development tools:

   o  C99 compatible compiler.
   o  GNU Autoconf
   o  GNU Autoconf Macro Archive
   o  GNU Automake
   o  GNU flex.
   o  GNU yacc (bison).
   o  GNU make.
   o  pkg-config
   o  PCRE2 library
   o  Mhash (optional, but highly recommended). Mhash is currently
      available from http://mhash.sourceforge.net/. A static version of
      libmhash needs to be build using the --enable-static=yes
      configure option.
      Aide requires at least mhash version 0.9.2

   o  libcheck (optional, needed for 'make check', license: LGPL-2.1)

Note:
  flex version 2.5.31 is broken, you might see the following error

   conf_lex.c: In function `conflex':
   conf_lex.c:4728: error: `yy_prev_more_offset' undeclared (first use in
   this function)
   conf_lex.c:4728: error: (Each undeclared identifier is reported only once
   conf_lex.c:4728: error: for each function it appears in.)

  Either downgrade to flex 2.5.4 or get an updated version that fixes
  this bug.

Large File Support
-----------------

To be able to store the size of files larger than 2GB, AIDE needs large
file support (LFS) to be available in the OS. The configure script
automatically checks for LFS. To turn off LFS call the configure script
with the '-disable-largefile' option.

Feedback and Support
--------------------

End user support is available on the AIDE mailing list:

    https://www.ipi.fi/mailman/listinfo/aide

An archive for the mailing list archive is available online:

    http://www.ipi.fi/pipermail/aide/

Please report bugs and feature requests to the aide issue tracker

    https://github.com/aide/aide/issues


Credits
-------

Please see the AUTHORS file.

For Tasks:

Click tags to check more tools for each tasks

For Jobs:

Alternative AI tools for aide

Similar Open Source Tools

For similar tasks

For similar jobs