Advanced Intrusion Detection Environment

from Wikipedia, the free encyclopedia
AIDE

Basic data

Developer: Hannes von Haugwitz
Current version: 0.16.2 (May 19, 2019)
Operating system: GNU/Linux, Unix, macOS, BSD, etc.
Programming language: C
Category: Audit
License: GPL-2.0
Available in German: No
Website: aide.github.io

The Advanced Intrusion Detection Environment (AIDE) is an intrusion detection system that was originally developed as a free software alternative to Tripwire. AIDE is licensed under the terms of the GNU General Public License (GPL).

The lead developers named are Rami Lehti and Pablo Virolainen, both associated with Tampere University of Technology, along with Richard van den Berg, an independent Dutch security advisor. The project is used on many Unix-like systems as an inexpensive baseline control and as a rootkit detection system.

Functionality

AIDE takes a snapshot of the system state, recording checksums, change times and other data for the files that the administrator has defined beforehand. This snapshot is used to build a database that can optionally be backed up to external storage and restored.

To carry out an integrity test, the administrator places the previously created database on an accessible storage medium and instructs AIDE to compare the state recorded in the database with the state of the currently running system. If there are any changes, AIDE will discover them and report them to the administrator. Alternatively, AIDE can be configured to run automatically at set times and report daily which changes have occurred. Time-based schedulers such as cron are usually used for this, which is the default setting in the Debian AIDE package.

This is particularly important from a security standpoint, because it allows AIDE to log any malicious changes that occur in a system.
