AIDE (Advanced Intrusion Detection Environment)

apt-get update && apt-get install aide

Change the mail recipient if reports should not go to root

vi /etc/default/aide
MAILTO=

Build the initial database

aideinit

Install the new database as the reference

cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Manual check

aide -c /etc/aide/aide.conf --check

Manual update

aide -c /etc/aide/aide.conf --update

After file or configuration changes:

aideinit
cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
aide -c /etc/aide/aide.conf --check

aide.conf defines change patterns, e.g.: Directories that change their contents during system operation i

VarDir = OwnerMode+n+i+X

Exceptions are then found in the directory /etc/aide/aide.conf.d

Warning: when an error is present in the configuration files, the parser does not always point it out…
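
Added example, not part of the original notes: a wrapper for the manual check that validates the configuration first (aide --config-check) and decodes the exit status, so a configuration error is not mistaken for a file change. The function names and the --run switch are hypothetical; the status values are the ones documented in aide(1).

```shell
#!/bin/sh
# Added example: decode the exit status of `aide --check`.
# Status values are the ones documented in aide(1).
AIDE_CONF=/etc/aide/aide.conf   # config path used on this page

# Translate an AIDE exit status into a one-line verdict.
describe_aide_status() {
    st=$1
    case "$st" in
        ''|*[!0-9]*) echo "error: non-numeric status"; return ;;
        0)  echo "clean"; return ;;
        14) echo "error: write failure"; return ;;
        15) echo "error: invalid argument"; return ;;
        16) echo "error: unimplemented function"; return ;;
        17) echo "error: invalid configuration line"; return ;;
        18) echo "error: I/O error"; return ;;
        19) echo "error: version mismatch"; return ;;
    esac
    # 1..7 is a bitmask: 1 = added, 2 = removed, 4 = changed entries.
    if [ "$st" -ge 1 ] && [ "$st" -le 7 ]; then
        out="changes:"
        if [ $((st & 1)) -ne 0 ]; then out="$out added"; fi
        if [ $((st & 2)) -ne 0 ]; then out="$out removed"; fi
        if [ $((st & 4)) -ne 0 ]; then out="$out changed"; fi
        echo "$out"
    else
        echo "error: unexpected status $st"
    fi
}

# Validate the configuration, then run the check and decode its status.
run_aide_check() {
    rc=0
    aide -c "$AIDE_CONF" --config-check || rc=$?
    if [ "$rc" -eq 0 ]; then
        aide -c "$AIDE_CONF" --check || rc=$?
    fi
    describe_aide_status "$rc"
    return "$rc"
}

# Hypothetical entry point: nothing touches the system unless --run is given.
if [ "${1:-}" = "--run" ]; then
    run_aide_check
fi
```

A status in the 14 to 19 range means the check itself failed, so the result says nothing about file integrity.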