Installing and Configuring AIDE

In this lab, we will install the Advanced Intrusion Detection Environment (AIDE) and configure it to monitor directories and applications for changes. We will also set up a cron job to run a daily check using AIDE.

*This course is not approved or sponsored by Red Hat.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install and configure AIDE

Install AIDE:
```
yum install -y aide
```
Initialize AIDE:
```
/usr/sbin/aide --init
```

Copy initialized database to production:

cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Configure AIDE to run every day at 1 AM

Create a cronjob to run aide --check at 1 AM daily:

nano /etc/crontab

0 1 * * * /usr/sbin/aide --check

Define directories and applications to monitor

Define directories to monitor:

nano /etc/aide.conf

/patient-data    DIR
/accounting     DIR

Add an application to monitor each time it’s accessed:

nano /etc/aide.conf

APP_ACCESS = a
/applications/payroll   APP_ACCESS

Update the AIDE database with new directory and application statuses

Update the AIDE database (because we made changes to the /etc/aide.conf file):

/usr/sbin/aide --update

cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Installing and Configuring AIDE

About this Hands-on Lab

Learning Objectives

Additional Resources

What are Hands-on Labs

Newsletter