AIDE Intrusion Detection

AIDE (Advanced Intrusion Detection Environment) is an intrusion detection tool; its main use is checking the integrity of files.
Install: yum install -y aide

Configuration file: /etc/aide.conf
Examples
aide --init    generate the database
aide --check   run a check
aide --update  update the database

AIDE found differences between database and filesystem!!
Start timestamp: 2014-01-18 09:56:41
Summary:
Total number of files: 6
Added files: 0
Removed files: 0
Changed files: 1
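---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /usr/local/nginx/html/index.php
---------------------------------------------------
Detailed information about changes:
---------------------------------------------------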
File: /usr/local/nginx/html/index.php
Size : 22 , 36
Mtime : 2014-01-13 23:46:55 , 2014-01-17 18:18:26
Ctime : 2014-01-13 23:46:55 , 2014-01-17 18:18:26
Inode : 409196 , 392181
MD5 : 2N2RavXV0byiZs9x/sKa9g== , ChhsljamGMBF0a07orx5uA==
RMD160 : ItOU7MD8ShdzHCp6pERa+18JMnQ= , MuA4C92Yk32oI5Cnd622PXuTeEM=
SHA256 : ED/4Z1tU6eqlJSXvv85X8IkCm9E8ayqo , eP0RcnIAQBNQ0zY+UdwVwDdRG/XQACw2
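
Added example (not part of the original post): a Python parser that turns an `aide --check` report like the one above into per-file old/new attribute pairs plus a short triage note. The function names and the abridged sample report are assumptions made for this example; a changed inode means the path now points at a different file object, so the file was replaced rather than edited in place.

```python
import re

# Constructed sample: the report above, abridged to its summary and a few attributes.
SAMPLE_REPORT = """\
Summary:
Total number of files: 6
Added files: 0
Removed files: 0
Changed files: 1
File: /usr/local/nginx/html/index.php
Size : 22 , 36
Mtime : 2014-01-13 23:46:55 , 2014-01-17 18:18:26
Inode : 409196 , 392181
MD5 : 2N2RavXV0byiZs9x/sKa9g== , ChhsljamGMBF0a07orx5uA==
"""

SUMMARY = re.compile(r"^\s*(Total number of files|Added files|Removed files|Changed files):\s*(\d+)\s*$")
ATTR = re.compile(r"^\s*(\w+)\s*:\s+(.*?)\s+,\s+(.*?)\s*$")  # "Name : old , new"
HASHES = {"MD5", "SHA1", "RMD160", "TIGER", "SHA256", "SHA512"}

def parse_report(text):
    """Return (summary counts, {path: {attribute: (old, new)}})."""
    summary, changes, current = {}, {}, None
    for line in text.splitlines():
        if m := SUMMARY.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif line.startswith("File:"):
            current = changes.setdefault(line[5:].strip(), {})
        elif current is not None and (m := ATTR.match(line)):
            current[m.group(1)] = (m.group(2), m.group(3))
    return summary, changes

def triage(changes):
    """Classify each changed file from the attributes AIDE reported."""
    findings = {}
    for path, attrs in changes.items():
        notes = []
        if HASHES & attrs.keys():
            notes.append("content changed")
        if "Inode" in attrs:
            notes.append("file replaced (new inode)")
        if "Size" in attrs:
            old, new = map(int, attrs["Size"])
            notes.append(f"size {new - old:+d} bytes")
        findings[path] = notes
    return findings

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE_REPORT)[1]))
```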
