How to Check Integrity With AIDE in Fedora

AIDE (Advanced Intrusion Detection Environment) is a program for checking the integrity of a file and directory on any modern Unix-like system. It creates a database of files on the system, and then uses that database as a yardstick to ensure file integrity and detect system intrusions.

In this article, we will show how to install and use AIDE to check file and directory integrity in Fedora distribution.

How to Install AIDE in Fedora

1. The AIDE utility is included in Fedora Linux by default, therefore, you can use the default dnf package manager to install it as shown.

$ sudo dnf install aide  

2. After the installation is complete, you need to create the initial AIDE database, which is a snapshot of the system in it’s normal state. This database will act as the yardstick against which all subsequent updates and changes will be measured.

Note that it is important to create the database on a new system before it is brought onto the network. And secondly, the default aide configuration enables checking a set of directories and files defined in the /etc/aide.conf file. You need to edit this file accordingly to configure more files and directories to be watched by aide.

Run the following command to generate the initial database:

$ sudo aide --init
Create AIDE Initial Database
Create AIDE Initial Database

3. To start using the database, remove the .new substring from the initial database file name.

$ sudo mv /var/lib/aide/ /var/lib/aide/aide.db.gz

4. To further protect the AIDE database, you can change its default location by editing the configuration file and modify the DBDIR value and point it to the new location of the database.

@@define DBDIR  /path/to/secret/db/location

For additional security, store the database configuration file and the /usr/sbin/aide binary file in a secure location such as a read-only media. Importantly, you can in fact increase security by signing the configuration and/or database.

Performing Integrity Checks in Fedora

5. To manually scan the Fedora system, run the following command.

$ sudo aide --check

The output of the above command shows differences between the database and the current state of the filesystem. It shows a summary of entries and detailed information about the changed entries.

Scan Fedora System
Scan Fedora System

6. For effective usage, you should configure AIDE to run as a cron job, to perform scheduled scans, either weekly (at the minimum) or daily (at the maximum).

For example, to schedule a scan at midnight everyday, add the following cron entry in the file /etc/crontab.

00  00  *  *  *  root  /usr/sbin/aide --check

Updating an AIDE Database

7. After confirming the changes of your system such as, package updates or configuration files modifications, update your baseline AIDE database with the following command.

$ sudo aide --update

The aide --update command creates a new database file /var/lib/aide/ To start using it for future scans, you need to rename it as shown before (remove the .new substring from the file name).

For additional information on AIDE you can check its man page.

$ man aide

For other Linux distributions, you can check out: How to Check Integrity of File and Directory Using “AIDE” in Linux.

AIDE is a powerful utility for checking integrity of files and directories on Unix-like operating systems such as Linux. In this article, we showed how to install and use AIDE in Fedora Linux. Do you have any question(s) or comments concerning AIDE, if yes, then use the feedback form to reach us.

Tutorial Feedback...
Was this article helpful? If you don't find this article helpful or found some outdated info, issue or a typo, do post your valuable feedback or suggestions in the comments to help improve this article...

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.