Weekend Project: Intrusion Detection on Linux with AIDE

Dec 4, 2010, 07:02 UTC
(Other stories by Nathan Willis)

"Front-line measures like firewalling, strong authentication, and staying on top of security updates are mandatory steps to keeping your system secure. But you also need to check your system's health frequently and make sure a compromise didn't slip past you unnoticed. A good place to start is with an intrusion detection system (IDS) that monitors your machine's resources and flags any changes that might indicate an intruder or a rootkit. The Advanced Intrusion Detection Environment (AIDE) is an open source IDS that you can set up in a weekend.

"Before we get started, though, it's vital to understand how an IDS like AIDE functions. AIDE is a host-based IDS, which basically means that it scans the filesystem and logs the attributes of important files, directories, and devices. Each time it runs, it compares its findings against the previous, "known good" data, and alerts you if something has changed. But the downside is that if your system is already compromised before you install and run AIDE initially, you won't be able to detect it."
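To make the init/check cycle described above concrete, here is an added illustration in Python (not code from the article or from the AIDE project) of the same idea: record a baseline of file attributes, compare a later scan against it, and report additions, removals and per-attribute changes. The directory tree, the "trojaned" files and the database path are all constructed for the demo. The last step shows the caveat the excerpt ends on: re-initialising the database on an already compromised tree records the compromise as "known good", and the next check comes back clean.

```python
"""Minimal host-based file-integrity check modelled on AIDE's
--init / --check cycle. Added illustration only; not AIDE's own code."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Walk root and record, per file, the attributes AIDE typically tracks:
    permission bits, owner, size, mtime, a content hash and link targets."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            p = Path(dirpath) / name
            st = p.lstat()                      # lstat: do not follow symlinks
            entry = {
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "uid": st.st_uid,
                "gid": st.st_gid,
                "size": st.st_size,
                "mtime": int(st.st_mtime),
            }
            if stat.S_ISLNK(st.st_mode):
                entry["target"] = os.readlink(p)
            elif stat.S_ISREG(st.st_mode):
                entry["sha256"] = _sha256(p)
            db[str(p.relative_to(root))] = entry
    return db


def init_db(root: Path, dbfile: Path) -> None:
    """Equivalent of `aide --init`: write the baseline ("known good") database."""
    dbfile.write_text(json.dumps(snapshot(root), sort_keys=True))


def check(root: Path, dbfile: Path) -> dict:
    """Equivalent of `aide --check`: compare the live tree against the baseline.
    Returns added paths, removed paths and, per changed path, which attributes differ."""
    baseline = json.loads(dbfile.read_text())
    current = snapshot(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(current) & set(baseline)):
        diffs = sorted(k for k in set(baseline[rel]) | set(current[rel])
                       if baseline[rel].get(k) != current[rel].get(k))
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"
        (root / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        dbfile = Path(tmp) / "aide.db"

        init_db(root, dbfile)
        clean = check(root, dbfile)             # nothing changed yet

        # Simulated rootkit: trojan /bin/ls with a same-size payload (size alone
        # would not catch it, the hash does), drop a new setuid binary, delete a file.
        (root / "bin" / "ls").write_bytes(b"trojaned ls binary")   # also 18 bytes
        (root / "bin" / "ls").chmod(0o755)
        backdoor = root / "bin" / "bd"
        backdoor.write_bytes(b"\x7fELF")
        backdoor.chmod(0o4755)
        (root / "etc" / "passwd").unlink()
        tampered = check(root, dbfile)

        # The article's caveat: re-initialising on a compromised tree blesses the
        # rootkit as "known good", so the following check reports nothing.
        init_db(root, dbfile)
        blessed = check(root, dbfile)
    return clean, tampered, blessed


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "re-baselined"), demo()):
        print(label, json.dumps(result))
```

Real AIDE adds selection rules in aide.conf (which paths to watch and which attribute groups to record), and the database should be stored read-only or off-host, since an attacker who can rewrite it gets exactly the "blessed" outcome shown at the end.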


Related Stories:
Back door in ProFTPD FTP server(Dec 03, 2010)
Metasploit Goes Pro for Security Testing(Oct 20, 2010)
A Simple Snort Alert Parser(Sep 27, 2010)
How To Configure The AIDE File Integrity Scanner For Your Website(Aug 18, 2010)
Linux Security Notes - AIDE File Integrity(Oct 22, 2009)