How to Check Integrity With AIDE in Fedora

AIDE (Advanced Intrusion Detection Environment) is a program for checking the integrity of a file and directory on any modern Unix-like system. It creates a database of files on the system, and then uses that database as a yardstick to ensure file integrity and detect system intrusions.

In this article, we will show how to install and use AIDE to check file and directory integrity in Fedora distribution.

How to Install AIDE in Fedora

1. The AIDE utility is included in Fedora Linux by default, therefore, you can use the default dnf package manager to install it as shown.

$ sudo dnf install aide  

2. After the installation is complete, you need to create the initial AIDE database, which is a snapshot of the system in it’s normal state. This database will act as the yardstick against which all subsequent updates and changes will be measured.

Note that it is important to create the database on a new system before it is brought onto the network. And secondly, the default aide configuration enables checking a set of directories and files defined in the /etc/aide.conf file. You need to edit this file accordingly to configure more files and directories to be watched by aide.

Run the following command to generate the initial database:

$ sudo aide --init
Create AIDE Initial Database

Create AIDE Initial Database

3. To start using the database, remove the .new substring from the initial database file name.

$ sudo mv /var/lib/aide/ /var/lib/aide/aide.db.gz

4. To further protect the AIDE database, you can change its default location by editing the configuration file and modify the DBDIR value and point it to the new location of the database.

@@define DBDIR  /path/to/secret/db/location

For additional security, store the database configuration file and the /usr/sbin/aide binary file in a secure location such as a read-only media. Importantly, you can in fact increase security by signing the configuration and/or database.

Performing Integrity Checks in Fedora

5. To manually scan the Fedora system, run the following command.

$ sudo aide --check

The output of the above command shows differences between the database and the current state of the filesystem. It shows a summary of entries and detailed information about the changed entries.

Scan Fedora System

Scan Fedora System

6. For effective usage, you should configure AIDE to run as a cron job, to perform scheduled scans, either weekly (at the minimum) or daily (at the maximum).

For example, to schedule a scan at midnight everyday, add the following cron entry in the file /etc/crontab.

00  00  *  *  *  root  /usr/sbin/aide --check

Updating an AIDE Database

7. After confirming the changes of your system such as, package updates or configuration files modifications, update your baseline AIDE database with the following command.

$ sudo aide --update

The aide --update command creates a new database file /var/lib/aide/ To start using it for future scans, you need to rename it as shown before (remove the .new substring from the file name).

For additional information on AIDE you can check its man page.

$ man aide

For other Linux distributions, you can check out: How to Check Integrity of File and Directory Using “AIDE” in Linux.

AIDE is a powerful utility for checking integrity of files and directories on Unix-like operating systems such as Linux. In this article, we showed how to install and use AIDE in Fedora Linux. Do you have any question(s) or comments concerning AIDE, if yes, then use the feedback form to reach us.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.