This article walks you through installing AIDE on Rocky Linux 9. AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It builds a database from the regular expression rules it finds in its configuration file. Once that database has been initialized, it can be used to verify the integrity of the files. AIDE uses a number of message digest algorithms to check file integrity. It can check all of the usual file attributes for inconsistencies, and older or newer versions of the database can be read.
How to Install AIDE on Rocky Linux 9
- Update your system.
sudo dnf update
- Next, install AIDE on Rocky Linux 9 using the command below.
sudo dnf install aide
Sample output
Dependencies resolved.
=====================================================================
 Package     Architecture     Version           Repository      Size
=====================================================================
Installing:
 aide        x86_64           0.16-100.el9      appstream      147 k
Transaction Summary
=====================================================================
Install  1 Package
Total download size: 147 k
Installed size: 354 k
Is this ok [y/N]: y
Downloading Packages:
aide-0.16-100.el9.x86_64.rpm            3.7 kB/s | 147 kB     00:39
---------------------------------------------------------------------
Total                                   3.3 kB/s | 147 kB     00:43
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                             1/1
  Installing       : aide-0.16-100.el9.x86_64                    1/1
  Running scriptlet: aide-0.16-100.el9.x86_64                    1/1
  Verifying        : aide-0.16-100.el9.x86_64                    1/1
Installed:
  aide-0.16-100.el9.x86_64
Complete!
- To check the installed version, run the command below.
aide --version
Sample output
Aide 0.16
Compiled with the following options:
WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_CURL
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"
- Initialize the AIDE database.
sudo aide --init
Sample output
Start timestamp: 2022-07-28 13:16:43 +0300 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz
Number of entries: 129760
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.new.gz
  MD5      : SRNnSRytrVXRSmV7wsfRSw==
  SHA1     : 6ikobpeqs3rphtQDzgIhWH6fXjA=
  RMD160   : n28wdF+FnJc7uCk01++v/unHtIw=
  TIGER    : tjqsqe0IyxOH6RZKZVYWtO9kV1BNgZuZ
  SHA256   : nvjUChq0Qc8Q+WlSy2oUl4a1E6CjSQ3v
             ybFGj+8pUvI=
  SHA512   : afkAP6w/LXM77+0CvsKxCKNhSpGp84jF
             w+++sqf8hR+k6gW5NRZt47GEB99i0Y3P
             gLgPw6lCqQDzakppZO7vmg==
End timestamp: 2022-07-28 13:23:15 +0300 (run time: 6m 32s)
- After initializing the database, copy it into place as the active database.
sudo cp -p /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
- Let’s run the integrity check command as shown below.
sudo aide --check
Sample output
Start timestamp: 2022-07-28 13:34:31 +0300 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!
Number of entries: 129760
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.gz
  MD5      : SRNnSRytrVXRSmV7wsfRSw==
  SHA1     : 6ikobpeqs3rphtQDzgIhWH6fXjA=
  RMD160   : n28wdF+FnJc7uCk01++v/unHtIw=
  TIGER    : tjqsqe0IyxOH6RZKZVYWtO9kV1BNgZuZ
  SHA256   : nvjUChq0Qc8Q+WlSy2oUl4a1E6CjSQ3v
             ybFGj+8pUvI=
  SHA512   : afkAP6w/LXM77+0CvsKxCKNhSpGp84jF
             w+++sqf8hR+k6gW5NRZt47GEB99i0Y3P
             gLgPw6lCqQDzakppZO7vmg==
End timestamp: 2022-07-28 13:39:36 +0300 (run time: 5m 5s)
- To update the AIDE database, use the command below.
sudo aide --update
Sample output
Start timestamp: 2022-07-28 13:47:30 +0300 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!
New AIDE database written to /var/lib/aide/aide.db.new.gz
Number of entries: 129760
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.gz
  MD5      : SRNnSRytrVXRSmV7wsfRSw==
  SHA1     : 6ikobpeqs3rphtQDzgIhWH6fXjA=
  RMD160   : n28wdF+FnJc7uCk01++v/unHtIw=
  TIGER    : tjqsqe0IyxOH6RZKZVYWtO9kV1BNgZuZ
  SHA256   : nvjUChq0Qc8Q+WlSy2oUl4a1E6CjSQ3v
             ybFGj+8pUvI=
  SHA512   : afkAP6w/LXM77+0CvsKxCKNhSpGp84jF
             w+++sqf8hR+k6gW5NRZt47GEB99i0Y3P
             gLgPw6lCqQDzakppZO7vmg==
/var/lib/aide/aide.db.new.gz
  MD5      : HKGtVHBOLcSnvxPVrCqWfg==
  SHA1     : tjDS5DWuZbgUND8uzZsKOFiLGmw=
  RMD160   : N6MlQY81U4ClzGIOxi+sdXyJGWI=
  TIGER    : v3ErYLnwM24TV79U1DEjajS1ibTxlP5w
  SHA256   : DLkoS2ILr4VkTT7KhEwcrU/xpR0hEQO0
             bjsSgY1JVqs=
  SHA512   : zXurh+wlhD4Khw7xRt1ROwTadyRxObYG
             Hof6LBoixv9yiQiZUep0VT2aZxrhNu9s
             PKhn6HGSGymUD9Ugk2QpwA==
End timestamp: 2022-07-28 13:52:45 +0300 (run time: 5m 15s)
- Then copy the updated database to your current database.
sudo cp -p /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
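The check and update steps above can be wrapped for unattended runs. The script below is an added example, not part of the original guide: it confirms the baseline database still matches a recorded SHA-256 digest before trusting `aide --check`, then decodes AIDE's exit status as documented in aide(1). The digest file path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# AIDE_DB is the path used in this guide; AIDE_SUM is a hypothetical digest
# file that should live on read-only or off-host storage.
AIDE_DB="${AIDE_DB:-/var/lib/aide/aide.db.gz}"
AIDE_SUM="${AIDE_SUM:-/root/aide.db.gz.sha256}"

# Record the digest of a freshly promoted baseline (run after each cp -p).
record_baseline() {   # usage: record_baseline DB SUMFILE
    sha256sum "$1" | awk '{print $1}' > "$2"
}

# Return 0 only if the baseline still matches its recorded digest.
baseline_ok() {       # usage: baseline_ok DB SUMFILE
    [ -r "$1" ] && [ -r "$2" ] || return 1
    [ "$(sha256sum "$1" | awk '{print $1}')" = "$(cat "$2")" ]
}

# Decode the exit status of `aide --check` or `aide --update`.
# Per aide(1): 0 = no differences; 1-7 is a bitmask of 1 (files added),
# 2 (files removed), 4 (files changed); 14 and above are fatal errors.
# Any value above 7 is reported as an error here.
aide_status_text() {  # usage: aide_status_text CODE
    code=$1; out=""
    if [ "$code" -eq 0 ]; then echo "clean"; return; fi
    if [ "$code" -gt 7 ]; then echo "error($code)"; return; fi
    if [ $((code & 1)) -ne 0 ]; then out="${out}added "; fi
    if [ $((code & 2)) -ne 0 ]; then out="${out}removed "; fi
    if [ $((code & 4)) -ne 0 ]; then out="${out}changed "; fi
    echo "${out% }"
}

# Gate the check on the baseline digest; 100 is this script's own code.
run_check() {
    baseline_ok "$AIDE_DB" "$AIDE_SUM" || { echo "baseline digest mismatch" >&2; return 100; }
    rc=0; aide --check || rc=$?
    echo "aide --check: $(aide_status_text "$rc")"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then run_check; fi
```

Run it as root with `--run`, and call `record_baseline` only after you have reviewed the changes that `aide --update` reported.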
Uninstall AIDE on Rocky Linux 9
- To remove AIDE from Rocky Linux, run the command below.
sudo dnf remove aide
Sample output
Dependencies resolved.
======================================================================
 Package     Architecture     Version           Repository       Size
======================================================================
Removing:
 aide        x86_64           0.16-100.el9      @appstream      354 k
Transaction Summary
======================================================================
Remove  1 Package
Freed space: 354 k
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                              1/1
  Erasing          : aide-0.16-100.el9.x86_64                     1/1
  Running scriptlet: aide-0.16-100.el9.x86_64                     1/1
  Verifying        : aide-0.16-100.el9.x86_64                     1/1
Removed:
  aide-0.16-100.el9.x86_64
Complete!
- You have made it to the end of our guide. We have gone through how to install AIDE on Rocky Linux 9.
Read more on AIDE Documentation