AIDE
2024-10-24
Configure AIDE
Edit /etc/aide/aide.conf
. Enable the following options:
report_summarize_changes=true
Initialize the database
sudo aide --config /etc/aide/aide.conf --init
AIDE will indicate the location of the new database when it finishes:
New AIDE database written to /var/lib/aide/aide.db.new
Rename the file:
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
Trigger a check
sudo aide --check --config /etc/aide/aide.conf
Crontab
0 3 * * * aide --check --config /etc/aide/aide.conf
Update
Run AIDE after editing system files and install system updates or new packages so that AIDE can update their checksums in the AIDE database. This will help prevent false positives.
sudo aide --update --config /etc/aide/aide.conf