author CoprDistGit <infra@openeuler.org> 2024-08-01 10:17:22 +0000
committer CoprDistGit <infra@openeuler.org> 2024-08-01 10:17:22 +0000
commit bd1b9654a597b2214071c1188ad683e708721f4b (patch)
tree fcc22946609eb505eadb3fb5cfcea61369a50d2c /README.quickstart
parent 374ae3091442fd5cd7442a65ca2bffeada2fb3bc (diff)
automatic import of aide (openeuler24.03_LTS, openeuler23.09)
Diffstat (limited to 'README.quickstart')
-rw-r--r-- README.quickstart 40
1 files changed, 40 insertions, 0 deletions
diff --git a/README.quickstart b/README.quickstart
new file mode 100644
index 0000000..87adc63
--- /dev/null
+++ b/README.quickstart
@@ -0,0 +1,40 @@
+1) Customize /etc/aide.conf to your liking. In particular, add
+ important directories and files which you would like to be
+ covered by integrity checks. Avoid files which are expected
+ to change frequently or which don't affect the safety of your
+ system.
+
+2) Run "/usr/sbin/aide --init" to build the initial database.
+ With the default setup, that creates /var/lib/aide/aide.db.new.gz
+
+3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
+ in a secure location, e.g. on separate read-only media (such as
+ CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
+ of those files in a secure location, so you have means to verify
+ that nobody modified those files.
+
+4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
+ which is the location of the input database.
+
+5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
+ compared with the AIDE database. Prior to running a check manually,
+ ensure that the AIDE binary and database have not been modified
+ without your knowledge.
+
+ Caution!
+
+ With the default setup, an AIDE check is not run periodically as a
+ cron job. It cannot be guaranteed that the AIDE binaries, config
+ file and database are intact. It is not recommended that you run
+ automated AIDE checks without verifying AIDE yourself frequently.
+ In addition to that, AIDE does not implement any password or
+ encryption protection for its own files.
+
+ It is up to you how to put a file integrity checker to good effect
+ and how to set up automated checks if you think it adds a level of
+ safety (e.g. detecting failed/incomplete compromises or unauthorized
+ modification of special files). On a compromised system, the
+ intruder could disable the automated check. Or he could replace the
+ AIDE binary, config file and database easily when they are not
+ located on read-only media.
+
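Review bot: Step 3 recommends "MD5 fingerprints" for verifying /etc/aide.conf, /usr/sbin/aide and the database, and MD5 is not collision-resistant, so it is a weak basis for a tamper check on the integrity tool itself. Suggest rewording to "keep SHA-256 (or stronger) checksums or GPG signatures of those files in a secure location". Step 5 also tells the reader to ensure the AIDE binary and database "have not been modified without your knowledge" without saying how and without mentioning the config file; it could point back to the checksums or signatures from step 3 and include /etc/aide.conf, which the caution paragraph already lists as something an intruder could replace.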