Diffstat (limited to 'README.quickstart')
-rw-r--r--  README.quickstart  40
1 files changed, 40 insertions, 0 deletions
diff --git a/README.quickstart b/README.quickstart new file mode 100644 index 0000000..87adc63 --- /dev/null +++ b/README.quickstart 
@@ -0,0 +1,40 @@ +1) Customize /etc/aide.conf to your liking. In particular, add +   important directories and files which you would like to be +   covered by integrity checks. Avoid files which are expected +   to change frequently or which don't affect the safety of your +   system. + +2) Run "/usr/sbin/aide --init" to build the initial database. +   With the default setup, that creates /var/lib/aide/aide.db.new.gz + +3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz +   in a secure location, e.g. on separate read-only media (such as +   CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures +   of those files in a secure location, so you have means to verify +   that nobody modified those files. + +4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz +   which is the location of the input database. + +5) Run "/usr/sbin/aide --check" to check your system for inconsistencies +   compared with the AIDE database. Prior to running a check manually, +   ensure that the AIDE binary and database have not been modified +   without your knowledge. +    +   Caution!  +    +   With the default setup, an AIDE check is not run periodically as a +   cron job. It cannot be guaranteed that the AIDE binaries, config +   file and database are intact. It is not recommended that you run +   automated AIDE checks without verifying AIDE yourself frequently. +   In addition to that, AIDE does not implement any password or +   encryption protection for its own files. +    +   It is up to you how to put a file integrity checker to good effect +   and how to set up automated checks if you think it adds a level of +   safety (e.g. detecting failed/incomplete compromises or unauthorized +   modification of special files). On a compromised system, the +   intruder could disable the automated check. Or he could replace the +   AIDE binary, config file and database easily when they are not +   located on read-only media.  +  | 
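Review bot: Step 3 of the added README offers "MD5 fingerprints or GPG signatures" as the alternative to read-only media for protecting /etc/aide.conf, /usr/sbin/aide and the database; MD5 is not collision-resistant, so a fingerprint kept for exactly this purpose (proving nobody swapped the binary or database) should not use it. Suggest "SHA-256 fingerprints or detached GPG signatures", and a sentence in step 5 saying how to do the verification the text asks for ("ensure that the AIDE binary and database have not been modified"), e.g. recompute the fingerprints or verify the signatures against the copy held off-host before each manual `aide --check`. Minor style points: several added lines carry trailing whitespace (`+    `, `Caution!  `, `read-only media.  `), and "Or he could replace the AIDE binary" would read better as "or could replace the AIDE binary".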
