In most cases we need to know whether anything has changed on the server we have set up, or in the files and file system on that server.
For this purpose AIDE (Advanced Intrusion Detection Environment) comes to our aid.
Overall, it is a very useful tool.
Installing and setting up the program is also very simple.
The main configuration file is /etc/aide.conf.
Code:
[blackhat@ ~]$ cat /etc/os-release
NAME=Fedora
VERSION="21 (Twenty One)"
ID=fedora
VERSION_ID=21
PRETTY_NAME="Fedora 21 (Twenty One)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:21"
HOME_URL="https://fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=21
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=21
[blackhat@ ~]$ yum info aide
Loaded plugins: langpacks
Installed Packages
Name : aide
Arch : x86_64
Version : 0.15.1
Release : 9.fc21
Size : 308 k
Repo : installed
Summary : Intrusion detection environment
URL : http://sourceforge.net/projects/aide
License : GPLv2+
Description : AIDE (Advanced Intrusion Detection Environment) is a file integrity
: checker and intrusion detection program.
[blackhat@ ~]$ rpm -qa aide
aide-0.15.1-9.fc21.x86_64
[root@ ~]# whereis aide.conf
aide: /usr/sbin/aide /etc/aide.conf /usr/share/man/man1/aide.1.gz
[root@ ~]# aide --check
WARNING: Old db contains a entry that shouldn't be there, run --init or --update
^C
[root@ ~]# aide --init
AIDE, version 0.15.1
### AIDE database at /var/lib/aide/aide.db.new.gz initialized.
[root@ ~]# ls -tliash /var/lib/aide/
total 29M
655374 4.0K drwxr-xr-x. 74 root root 4.0K Feb 22 2015 ..
665174 2.5M -rw-------. 1 root root 2.5M Feb 22 00:04 aide.db.new.gz
665251 26M -rw-------. 1 root root 26M Aug 31 17:14 aide.db.gz
664617 4.0K drwx------. 2 root root 4.0K Aug 16 2014 .
[root@ ~]# cp -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
cp: overwrite ‘/var/lib/aide/aide.db.gz’? Y
[root@ ~]# ls -tliash /var/lib/aide/
total 5.0M
655374 4.0K drwxr-xr-x. 74 root root 4.0K Feb 22 2015 ..
665251 2.5M -rw-------. 1 root root 2.5M Feb 22 00:05 aide.db.gz
665174 2.5M -rw-------. 1 root root 2.5M Feb 22 00:04 aide.db.new.gz
664617 4.0K drwx------. 2 root root 4.0K Aug 16 2014 .
[root@ ~]# touch /var/www/html/lolbackdoor.txt
[root@ ~]# aide --check
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2015-02-22 00:06:22
Summary:
Total number of files: 24948
Added files: 1
Removed files: 0
Changed files: 1
---------------------------------------------------
Added files:
---------------------------------------------------
added: /var/www/html/lolbackdoor.txt
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /var/www/html
---------------------------------------------------
Detailed information about changes:
---------------------------------------------------
Directory: /var/www/html
Mtime : 2015-02-21 00:13:04 , 2015-02-22 00:06:14
Ctime : 2015-02-21 00:13:04 , 2015-02-22 00:06:14
[root@ ~]# aide --update
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2015-02-22 00:07:51
Summary:
Total number of files: 24948
Added files: 1
Removed files: 0
Changed files: 1
---------------------------------------------------
Added files:
---------------------------------------------------
added: /var/www/html/lolbackdoor.txt
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /var/www/html
---------------------------------------------------
Detailed information about changes:
---------------------------------------------------
Directory: /var/www/html
Mtime : 2015-02-21 00:13:04 , 2015-02-22 00:06:14
Ctime : 2015-02-21 00:13:04 , 2015-02-22 00:06:14
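An added example, not from the original post: a small POSIX shell script that parses the report format shown in the session above, so a cron job can tell a clean `aide --check` from one that found differences and list what was added or changed. The report text is constructed to mirror the output above, and the function names are my own, not AIDE's.

```shell
#!/bin/sh
# Added example (not AIDE's own code): summarise an `aide --check` report.
# SAMPLE_REPORT is a constructed copy of the 0.15.1 report format shown above;
# in production pass in the real output, e.g. aide_status "$(aide --check 2>&1)".
SAMPLE_REPORT='AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2015-02-22 00:06:22
Summary:
Total number of files: 24948
Added files: 1
Removed files: 0
Changed files: 1
---------------------------------------------------
Added files:
---------------------------------------------------
added: /var/www/html/lolbackdoor.txt
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /var/www/html'

# aide_count REPORT KIND -> prints N from the Summary line "KIND files: N"
# (KIND is Added, Removed or Changed); prints nothing when there is no Summary.
aide_count() {
    printf '%s\n' "$1" | awk -v kind="$2" '$1 == kind && $2 == "files:" { print $3; exit }'
}

# aide_paths REPORT KIND -> prints the paths from "KIND: /path" detail lines
# (KIND is added, removed or changed).
aide_paths() {
    printf '%s\n' "$1" | awk -v kind="$2" '$1 == kind ":" { print $2 }'
}

# aide_status REPORT -> exit 0 when nothing was added, removed or changed,
# 1 otherwise. A clean run prints no Summary at all, so missing counts mean 0.
aide_status() {
    added=$(aide_count "$1" Added)
    removed=$(aide_count "$1" Removed)
    changed=$(aide_count "$1" Changed)
    [ "${added:-0}" -eq 0 ] && [ "${removed:-0}" -eq 0 ] && [ "${changed:-0}" -eq 0 ]
}

# Demo over the constructed report: prints an alert with the affected paths.
if aide_status "$SAMPLE_REPORT"; then
    echo "OK: filesystem matches AIDE database"
else
    echo "ALERT: added=$(aide_count "$SAMPLE_REPORT" Added) removed=$(aide_count "$SAMPLE_REPORT" Removed) changed=$(aide_count "$SAMPLE_REPORT" Changed)"
    aide_paths "$SAMPLE_REPORT" added   | sed 's/^/  added:   /'
    aide_paths "$SAMPLE_REPORT" changed | sed 's/^/  changed: /'
fi
```

Note that `aide --update`, like `--init`, leaves its result in aide.db.new.gz, so the same `cp` step shown above is still needed before the next `--check` compares against the refreshed baseline.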