User Tools

Site Tools


linux:aide

AIDE

aide is the tool used track the system files is changed or not, especiall for detect the system is hacked.

Install

sudo apt-get install aide

Init

If only run the init

aide --init

It will log error

Couldn't open file /var/lib/aide/please-dont-call-aide-without-parameters/aide.db.new for writing

So it need some parameters

aide -c /etc/aide/aide.conf --init

Then need to run the follwing command

sudo /etc/cron.daily/aide

Update the config

Check /etc/aide/aide.conf.d, it has lots of config files, I just update 31_aide_dokuwiki to the correct path, and add the wordpress path.

/var/www/dokuwiki/wiki/data/cache/[0-9a-f]/[0-9a-f]{32}\.(feed|i|xhtml)$ VarFile
/var/www/dokuwiki/wiki/data/(changes\.log|(index|word)\.idx)$ VarFile
/var/www/dokuwiki/wiki/data/meta/([a-z]+\.indexed|_dokuwiki\.changes)$ VarFile
/var/www/dokuwiki/wiki/data/meta$ VarDir
/var/www/dokuwiki/wiki/data/pages/[a-z]+\.txt$ VarFile
/var/www/dokuwiki/wiki/data/(attic|cache|locks|pages)$ VarDir
/var/www/wordpress$ VarDir

Refer

/var/www/dokuwiki/wiki/data/pages/linux/aide.txt · Last modified: 2019/03/10 01:20 by percy