Install AIDE on Rocky Linux 9

This article will take you through how to install AIDE on Rocky Linux 9. AIDE (Advanced Intrusion Detection Environment) is a file and directory, integrity checker. It takes the regular expression rules it discovers in the configuration file and generates a database from them. The integrity of the files can be checked using this database after it has been initialized. It uses a number of message digest techniques to check the file’s integrity. It is possible to check for discrepancies across all of the typical file properties, and older or newer versions of the database can be read.

How to Install AIDE on Rocky Linux 9

  • Update your system.
sudo dnf update
  • Next, install AIDE on Rocky Linux 9 using the command below.
sudo dnf install aide

Sample output

Dependencies resolved.
=====================================================================
 Package    Architecture Version               Repository       Size
=====================================================================
Installing:
 aide       x86_64       0.16-100.el9          appstream       147 k

Transaction Summary
=====================================================================
Install  1 Package

Total download size: 147 k
Installed size: 354 k
Is this ok [y/N]: y
Downloading Packages:

aide-0.16-100.el9.x86_64.rpm         3.7 kB/s | 147 kB     00:39    
---------------------------------------------------------------------
Total                                3.3 kB/s | 147 kB     00:43     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                             1/1 
  Installing       : aide-0.16-100.el9.x86_64                    1/1 
  Running scriptlet: aide-0.16-100.el9.x86_64                    1/1 
  Verifying        : aide-0.16-100.el9.x86_64                    1/1 

Installed:
  aide-0.16-100.el9.x86_64                                           

Complete!
  • To check the version installed run the command below.
aide --version

Sample output

Aide 0.16

Compiled with the following options:

WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_CURL
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"
  • Initialize the AIDE database.
sudo aide --init

Sample output

Start timestamp: 2022-07-28 13:16:43 +0300 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz

Number of entries:    129760

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new.gz
  MD5      : SRNnSRytrVXRSmV7wsfRSw==
  SHA1     : 6ikobpeqs3rphtQDzgIhWH6fXjA=
  RMD160   : n28wdF+FnJc7uCk01++v/unHtIw=
  TIGER    : tjqsqe0IyxOH6RZKZVYWtO9kV1BNgZuZ
  SHA256   : nvjUChq0Qc8Q+WlSy2oUl4a1E6CjSQ3v
             ybFGj+8pUvI=
  SHA512   : afkAP6w/LXM77+0CvsKxCKNhSpGp84jF
             w+++sqf8hR+k6gW5NRZt47GEB99i0Y3P
             gLgPw6lCqQDzakppZO7vmg==


End timestamp: 2022-07-28 13:23:15 +0300 (run time: 6m 32s)
  • After initializing the database, copy it.
sudo cp -p /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
  • Let’s run the integrity check command as shown below.
sudo aide --check

Sample output

Start timestamp: 2022-07-28 13:34:31 +0300 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!

Number of entries:    129760

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.gz
  MD5      : SRNnSRytrVXRSmV7wsfRSw==
  SHA1     : 6ikobpeqs3rphtQDzgIhWH6fXjA=
  RMD160   : n28wdF+FnJc7uCk01++v/unHtIw=
  TIGER    : tjqsqe0IyxOH6RZKZVYWtO9kV1BNgZuZ
  SHA256   : nvjUChq0Qc8Q+WlSy2oUl4a1E6CjSQ3v
             ybFGj+8pUvI=
  SHA512   : afkAP6w/LXM77+0CvsKxCKNhSpGp84jF
             w+++sqf8hR+k6gW5NRZt47GEB99i0Y3P
             gLgPw6lCqQDzakppZO7vmg==


End timestamp: 2022-07-28 13:39:36 +0300 (run time: 5m 5s)
  • To update the AIDE database, use the command below.
sudo aide --update

Sample output

Start timestamp: 2022-07-28 13:47:30 +0300 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!
New AIDE database written to /var/lib/aide/aide.db.new.gz

Number of entries:    129760

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.gz
  MD5      : SRNnSRytrVXRSmV7wsfRSw==
  SHA1     : 6ikobpeqs3rphtQDzgIhWH6fXjA=
  RMD160   : n28wdF+FnJc7uCk01++v/unHtIw=
  TIGER    : tjqsqe0IyxOH6RZKZVYWtO9kV1BNgZuZ
  SHA256   : nvjUChq0Qc8Q+WlSy2oUl4a1E6CjSQ3v
             ybFGj+8pUvI=
  SHA512   : afkAP6w/LXM77+0CvsKxCKNhSpGp84jF
             w+++sqf8hR+k6gW5NRZt47GEB99i0Y3P
             gLgPw6lCqQDzakppZO7vmg==

/var/lib/aide/aide.db.new.gz
  MD5      : HKGtVHBOLcSnvxPVrCqWfg==
  SHA1     : tjDS5DWuZbgUND8uzZsKOFiLGmw=
  RMD160   : N6MlQY81U4ClzGIOxi+sdXyJGWI=
  TIGER    : v3ErYLnwM24TV79U1DEjajS1ibTxlP5w
  SHA256   : DLkoS2ILr4VkTT7KhEwcrU/xpR0hEQO0
             bjsSgY1JVqs=
  SHA512   : zXurh+wlhD4Khw7xRt1ROwTadyRxObYG
             Hof6LBoixv9yiQiZUep0VT2aZxrhNu9s
             PKhn6HGSGymUD9Ugk2QpwA==


End timestamp: 2022-07-28 13:52:45 +0300 (run time: 5m 15s)
  • Then copy the updated database to your current database.
sudo cp -p /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Uninstall AIDE on Rocky Linux 9

  • To remove AIDE on Rocky Linux run the command below.
sudo dnf remove aide

Sample output

Dependencies resolved.
======================================================================
 Package    Architecture Version               Repository        Size
======================================================================
Removing:
 aide       x86_64       0.16-100.el9          @appstream       354 k

Transaction Summary
======================================================================
Remove  1 Package

Freed space: 354 k
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                              1/1 
  Erasing          : aide-0.16-100.el9.x86_64                     1/1 
  Running scriptlet: aide-0.16-100.el9.x86_64                     1/1 
  Verifying        : aide-0.16-100.el9.x86_64                     1/1 

Removed:
  aide-0.16-100.el9.x86_64                                            

Complete!
  • You have made it to the end of our guide, we have gone through how to install AIDE on Rocky Linux 9.

Read more on AIDE Documentation

Other Tutorials

Install Velociraptor agents on Ubuntu 22.04

Install Velociraptor on Ubuntu 22.04

How to Upgrade Passbolt Installed from Source on Ubuntu

System administrator | Software Developer | DevOps

Leave a Comment