Posted in: Red Hat

RHEL AIDE – Advanced Intrusion Detection Environment

Avatar of Mr. SynMan Written by Mr. SynMan Leave a Comment on RHEL AIDE – Advanced Intrusion Detection Environment 

yum install aide -y
aide -v

Configure AIDE

aide --init
vi /etc/aide.conf

AIde rules types

PERMS, NORMAL, LSPP, DATAONLY

AIDE Permissions types

PERMS= p+i+n+u+g+acl+selinux
  • p: permission
  • i : inode
  • N : number of links
  • g : group
  • acl : access control list
  • selinux : SELinux security context

Manage AIDE database

Create AIDE cron job

0 1 * * * /usr/sbin/aide --check

Configure AIDE alerts

Back to Top