Host based intrusion system IDS

experiment Linux platform  CentOS System

Application background ： As system administrator , They need a security mechanism , For example, the mechanism of detecting file tampering

What exactly does it detect ？  The contents of the document 、 File properties

AIDE： The abbreviation of advanced intrusion detection system

How can it be achieved :AIDE By scanning the surface, one is tampered linux The server File system to build file attribute database

take The server File attributes and database conversion , Warn the index of the modified file ！

You can see from above ：ADIE The initial installation of must keep the data ‘ clean ’

After the system is installed , And no services are exposed on the Internet or even on the LAN

step ： After installing the system ----- Broken net ------ Install at the terminal AIDE service ------ To configure

install The server End software aide

# yum install aide

Default profile /etc/aide.conf

The main protection rules in the configuration file are ：FIPSR NORMAL DIR DATAONLY

FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256

jurisdiction ：p  The index node :i    Link number :l  user :u 

Group :g    size :s    Modification time :m    Creation time :c 

ACL:acl    SELINUX:selinux  xattrs:xattr

SHA256/SHA512 Monitoring and （sh256 and sh 512）

Exclamation point before entry ! tell ADIE Ignore subdirectories or directory files

First run AIDE

Initialize first ADIE database

aide --init

according to /etc/side.conf Generated by configuration file /var/lib/aide/aidedb.new.gz The file needs to be renamed /var/lib/aide/aidedb.gz

First proofreading

# aide Run this command directly , If there are no parameters, it defaults to check Options

to update AIDE database

# aide --update

thank you ~~~~~