How To Set up AIDE on Ubuntu 22.04

Set up AIDE on Ubuntu 22.04 - orcacore.com

This article intends to teach you to Set up AIDE on Ubuntu 22.04.

Advanced Intrusion Detection Environment (AIDE) is a file and directory integrity checker, which creates a database from the regular expression rules that it finds in the config files. Once this database is initialized it can be used to verify the integrity of the config files. AIDE has several message digest algorithms which it uses to check the integrity of the config files, and it can also check file attributes for inconsistencies.

Running AIDE will have a performance impact. Therefore you may want to disable AIDE checks or schedule them to run at specific times. Mounted network and external file systems in /mnt are automatically excluded from the AIDE scans.

what you read in this post?

Steps To Set up AIDE on Ubuntu 22.04

To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with Ubuntu 22.04.

Install AIDE on Ubuntu 22.04

AIDE packages are available in the default Ubuntu repository. First, update your local package index with the following command:

sudo apt update

Then, use the following command to install AIDE:

sudo apt -y install aide

During the installation, you will be asked to choose general mail configuration, here we choose Internet Site and click ok. Then, you need to choose a system mail name and continue your installation.

When your installation is completed, verify it by checking its version:

aide -v
Output
Aide 0.17.4

Compiled with the following options:

WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_CAPABILITIES
WITH_E2FSATTRS
WITH_ZLIB
WITH_MHASH
WITH_AUDIT
...

AIDE Configuration on Ubuntu 22.04

Configuring AIDE is easy because you only have to edit the configuration file. Open the config file with your favorite text editor, here we use the vi editor:

sudo vi /etc/aide/aide.conf

Here, you will find the various sections to modify the working of AIDE.

# AIDE conf

# set environment for executable config files included by x_include
@@x_include_setenv UPAC_settingsd /etc/aide/aide.settings.d

# The daily cron job depends on these paths
database_in=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
database_new=file:/var/lib/aide/aide.db.new
gzip_dbout=yes

# Set to no to disable report_summarize_changes option.
report_summarize_changes=yes

# Set to no to disable grouping of files in report.
report_grouped=yes

# Set verbosity of aide run and reports
log_level=warning
report_level=changed_attributes

# Ignore e2fs attributes that cannot be set manually
report_ignore_e2fsattrs=EhI
...

You can edit the given information as per your requirements and save this AIDE configuration file on Ubuntu 22.04.

How To Use AIDE

At this point, you can create a new AIDE database by using the command below:

sudo aideinit
Output
Running aide --init...

Start timestamp: 2023-04-18 13:15:17 +0000 (AIDE 0.17.4)
AIDE initialized database at /var/lib/aide/aide.db.new
Ignored e2fs attributes: EIh

Number of entries:      145482

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new
 SHA256    : r1NIy+0ahVJJ4E9rBLkg6Xr+Doh6wFU/
             Ix80sEmT2Bc=
 SHA512    : J9uQm63K2ONA82QIGybpQaYut/uW4aB+
             aEmJOKX8BdjBILD99NXLV+mGGOWR0pLK
             QAYJ/RKfBb4Y3d6znwp4Sg==
 RMD160    : /wIsacBCcgxfrD6+UAgY6Yx5JnA=
 TIGER     : b9cmGPpxe1PLCQBzT2zWjT0BLUyGIUQ3
 CRC32     : 0NcFbQ==
 HAVAL     : /vhr6UjvFc7ECCKo8gbVYcVOmt/CWJZ3
             xFqKoVGjm20=
 WHIRLPOOL : y+U7mZyn/RCp/8XLCUwVPb2fT5QVVS97
             +nWccvEqWKQ5OYkCmUUBelImoLs8o83H
             EcJ1tS6qbXrRCrlvKuM8+A==
 GOST      : ZvPp2BmQcqZU/Aum8yAfXSzbbGOiTF9f
             rYqBRX0y0LQ=


End timestamp: 2023-04-18 13:23:19 +0000 (run time: 8m 2s)

This command creates the AIDE database file /var/lib/aide/aide.db.new as per the currently available file system.

Then, to install the new AIDE database, you must copy it to your database file location:

sudo cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Now you can start your AIDE scan process by using the command below:

sudo aide --check

Conclusion

At this point, you have learned to Set up AIDE on Ubuntu 22.04.

Hope you enjoy it. Please subscribe to us on Facebook and Twitter.

Tags

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Related Posts

Stay informed and not overwhelmed, subscribe now!