
Installing and Configuring AIDE

Hands-On Lab


Bob Salmans

Training Architect

Length

00:30:00

Difficulty

Intermediate

In this lab, we will install the Advanced Intrusion Detection Environment (AIDE) and configure it to monitor directories and applications for changes. We will also set up a cron job to run a daily check using AIDE.


Solution

  1. Begin by logging in to the lab server using the credentials provided on the hands-on lab page:

    ssh cloud_user@PUBLIC_IP_ADDRESS
  2. Become the root user:

    sudo su

Install and configure AIDE

  1. Install AIDE:

    yum install -y aide
  2. Initialize AIDE:

    /usr/sbin/aide --init

    > Note: This will take about 5 minutes to complete.

  3. Copy the initialized database into place as the baseline that every later check is compared against:

    cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

    > Note: Anyone who can write to /var/lib/aide/aide.db.gz can re-baseline the host and hide their changes from later checks. Keep a copy of the database, or at least its checksum, off the host or on read-only media and compare it before trusting a report.

Configure AIDE to run every day at 1 AM

  1. Create a cron job to run aide --check at 1 AM daily:

    nano /etc/crontab
    0 1 * * * root /usr/sbin/aide --check

    > Note: Unlike a per-user crontab, /etc/crontab has a user field between the schedule and the command, so root must be given here; without it cron would treat /usr/sbin/aide as the user name and the job would never run. Cron mails the command's output to the MAILTO address at the top of /etc/crontab, and AIDE exits non-zero when it finds changes, so redirect the output to a log file if mail is not delivered on this host.

Define directories and applications to monitor

  1. Define directories to monitor:

    nano /etc/aide.conf
    /patient-data    DIR
    /accounting     DIR

    > Note: You will need to add these two lines directly under the following header in the file:

    # Next decide what directories/files you want in the database. Aide
    # uses a first match system. Put file specific instructions before generic
    # matches. e.g. Put file matches before directories.
  2. Add an application rule that records the file's access time (a), so a check reports when the file has been read:

    nano /etc/aide.conf
    APP_ACCESS = a
    /applications/payroll   APP_ACCESS

    > Note: APP_ACCESS = a must be defined above the directory/file rules added previously, because a group has to be declared before a rule uses it. The /applications/payroll entry goes below the /accounting entry. Linux mounts filesystems with relatime by default, which updates atime only when it is older than the file's mtime or ctime or more than a day old, so not every read shows up; mount with strictatime if every access must be recorded.

Update the AIDE database with new directory and application statuses

  1. Update the AIDE database, because /etc/aide.conf changed and the new paths are not yet in the baseline:

    /usr/sbin/aide --update

    > Note: This will take about 5 minutes to complete. AIDE exits with a non-zero status when it finds differences, which is expected here since the new paths were not in the old database.

    cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

    When prompted to overwrite, answer "y". The prompt appears because root's shell on CentOS aliases cp to cp -i.
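The whole procedure above collected into one script, as an added example that is not part of the lab or of the AIDE project. It reproduces the lab's steps (install, initialise, add the monitored paths, schedule the daily check, refresh the baseline) and adds one thing the lab does not: a checksum of the baseline database kept in a sidecar file so the baseline itself can be verified before a report is trusted. The sidecar path /root/aide.db.gz.sha256, the appending of rules at the end of /etc/aide.conf, and the helper function names are this script's own choices, not part of the lab.

```bash
#!/usr/bin/env bash
# Added example: end-to-end AIDE setup for a CentOS/RHEL 7 host (not the lab's
# own code). Run as root with the argument "run"; without it the script only
# defines functions so the pieces can be inspected or tested on their own.
set -euo pipefail

AIDE_CONF=/etc/aide.conf
AIDE_DB=/var/lib/aide/aide.db.gz
AIDE_DB_NEW=/var/lib/aide/aide.db.new.gz
# Assumed location for the baseline checksum; copy it off-host, since a local
# root attacker can rewrite both the database and this file.
BASELINE_SUM=/root/aide.db.gz.sha256

# Rules the lab adds to /etc/aide.conf. The APP_ACCESS group (atime only) is
# emitted first because AIDE must see a group definition before a rule uses it.
aide_conf_additions() {
    cat <<'EOF'
APP_ACCESS = a
/patient-data    DIR
/accounting      DIR
/applications/payroll   APP_ACCESS
EOF
}

# /etc/crontab needs a user field between the schedule and the command.
crontab_entry() {
    printf '0 1 * * * root /usr/sbin/aide --check\n'
}

# Field 6 of an /etc/crontab line must be a user name, not a path or an option.
crontab_entry_is_valid() {
    local user
    user=$(printf '%s\n' "$1" | awk '{print $6}')
    [ -n "$user" ] && [ "${user#/}" = "$user" ] && [ "${user#-}" = "$user" ]
}

install_and_init() {
    command -v aide >/dev/null 2>&1 || yum install -y aide
    /usr/sbin/aide --init
    cp -f "$AIDE_DB_NEW" "$AIDE_DB"          # -f: no cp -i prompt in a script
    sha256sum "$AIDE_DB" > "$BASELINE_SUM"
}

configure_monitoring() {
    # Appending works because AIDE is first-match and the stock CentOS config
    # has no earlier rule covering these paths. Guard against re-running.
    grep -q '^APP_ACCESS = a' "$AIDE_CONF" || aide_conf_additions >> "$AIDE_CONF"
    grep -q 'aide --check' /etc/crontab   || crontab_entry >> /etc/crontab
}

refresh_baseline() {
    # aide --update exits non-zero when it finds differences; that is expected
    # right after new paths were added, so do not let set -e abort on it.
    /usr/sbin/aide --update || true
    cp -f "$AIDE_DB_NEW" "$AIDE_DB"
    sha256sum "$AIDE_DB" > "$BASELINE_SUM"
}

# Before trusting a --check report, confirm the baseline itself is unchanged.
verify_baseline() {
    sha256sum --check --status "$BASELINE_SUM"
}

if [ "${1:-}" = "run" ]; then
    install_and_init
    configure_monitoring
    refresh_baseline
    verify_baseline && /usr/sbin/aide --check
fi
```

The verify_baseline step is the part worth keeping after the lab: a --check that passes against a database the attacker re-initialised proves nothing, so the checksum (ideally the off-host copy) is compared first.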

Conclusion

Congratulations — you've completed this hands-on lab!