====== AIDE (Advanced Intrusion Detection Environment) ======


apt-get update && apt-get install aide

Change destination mail if not root


vi /etc/default/aide
MAILTO=

aideinit

Install new db as reference


cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Manual check


aide -c /etc/aide/aide.conf --check

Manual update

 
aide -c /etc/aide/aide.conf --update

On files/conf changes :

 
aideinit
cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
aide -c /etc/aide/aide.conf --check

aide.conf defines change patterns, ex : Directories that change their contents during system operation i


VarDir = OwnerMode+n+i+X

then you find exceptions in dir /etc/aide/aide.conf.d warning : when error is present in configuration files, the parser not always point them...