Need help with Install and initialize the database for AIDE:

Performance Checklist

$1.$ From workstation using terminal, open a new tab that will provide a bash prompt.

$2.$ Use the sudo su command to switch to root.

$3.$ Switch to the root account and enter the password for student.

Type, sudo su

Installing AIDE

$1.$ Install the AIDE package using Yum. Type yum install aide to install the software. Besides just the binaries, the package gives you a good baseline configuration file $(/$etc$/$aide$.$conf$),$ and a good example script you can add to cron for regular checks $/$usr$/$share$/$doc$/$packages$/$aide$/$examples$/$etc$/$cron$.$daily$/$aide$.$sh$.$

$2.$ At a minimum, AIDE should be configured to run a weekly scan. Mostly, AIDE should be run daily. For example, to schedule a daily execution of AIDE at $4$:$05$ am using cron add the following line to $/$etc$/$crontab:

$054***$ root $/$usr$/$sbin$/$aide $--$check

$3.$ Now, initialize the database for a baseline:

aide $--$config$=/$etc$/$aide$.$conf $--$init

Note: This creates $/$var$/$lib$/$aide$/$aide$.$db$.$new.gz$,$ a database file that contains information about the filesystem, as instructed by $/$etc$/$aide$.$conf.

$4.$ To start using the database, remove the new substring from the initial database file name:

mv $/$var$/$lib$/$aide$/$aide$.$db$.$new.gz $/$var$/$lib$/$aide$/$aide$.$db$.$gz

Note: This gives you a database to run your checks against. For additional security, store the database, configuration, and the $/$usr$/$sbin$/$aide binary file in a secure location such as a read$-$only media!

$5.$ Make a screen capture showing the results and paste it into your Lab Report file.

$6.$ We need to have AIDE inspect our files for the first time as well, so execute these commands as root in the next section:

aide $--$check

aide $--$update

Checking and testing AIDE Lab Activity: Install and initialize the database for AIDE

Do the following:

Prepare the System for the Lab

$1.$ Log in to workstation as student using student as the password by using the virtviewer.

Performance Checklist

$1.$ From workstation using terminal, open a new tab that will provide a bash prompt.

$2.$ Use the sudo su command to switch to root.

$3.$ Switch to the root account and enter the password for student. Type, sudo su

Installing AIDE

$1.$ Install the AIDE package using Yum. Type yum install aide to install the software. Besides just the binaries, the package gives you a good baseline configuration file $(/$etc$/$aide$.$conf$),$ and a good example script you can add to cron for regular checks $/$usp$/$share$/$doc$/$packages$/$aide$/$examples$/$etc$/$cron$.$daily$/$aide$.$sh$.$

$2.$ At a minimum, AIDE should be configured to run a weekly scan. Mostly, AIDE should be run daily. For example, to schedule a daily execution of AIDE at $4$:$05$ am using cron add the following line to $/$etc$/$crontab:

$\backslash (054***\backslash )$ root$/$usr$/$sbin$/$aide $-$check

$3.$ Now, initialize the database for a baseline:

aide $-$ config$=/$etc$/$aide$.$conf $--$init

Note: This creates$/$var$/$lib$/$aide$/$aide$.$db$.$new.gz$,$ a database file that contains information about the filesystem, as instructed by $/$etc$/$aide$.$conf.

$6.$ We need to have AIDE inspect our files for the first time as well, so execute these commands as root in the next section:

aide $--$check

aide $--$update

Checking and testing AIDE

$1.$ Output is silent in the event of no detected changes.

$2.$ Run a check and see results $($at the default verbose level $1$ in aide.conf$).$ It may take a loooonong time, so be patient...

aide $--$config$=/$etc$/$aide$.$conf $--$check

Note: The results should be something like this:

AIDE found differences between database and filesystem!! Summary:

Total number of files: $\backslash (\backslash$quad $215749\backslash )$

Added files: $1$

Removed files: $\backslash (\backslash$quad $1\backslash )$

Changed files: $8$

Added files:

Added$/$root$/$Iocal$/$share$/$gnome$-$shell$/$application$\_$state

$3.$ Make a screen capture showing the results and paste it into your Lab Report file.

On$-$going maintenance with AIDE

$1.$ You can tweak the aide.conf to your taste. After that, you can do an update: aide $--$config$=/$etc$/$aide$.$conf $--$update

$2.$ The update command also does the same thing as check, but it also creates a new database; by this I mean it creates a new aide.db$.$new.gz$,$ and during the update it compares it real$-$time with aide.db$.$gz$.$

Note: This does not change, which is why it should be read$-$only!

$3.$ Make a screen capture showing the results and paste it into your Lab Report file.

$4.$ When changes are found, and you don't want to see those changes in future reports, you can simply reinitialize the static database aide.db$.$gz$.$ To do this, just re$-$run with $--$init, then copy aide.db$.$new.gz to aide.db$.$gz$,$ as described above. Again, make sure to keep a read$-$only copy of aide.db$.$gz off the system for later comparisons for security validations! $5.$ To run a $--$compare to compare your databases, you must add the following to your

aide.conf $($if you don't specify on the command line$)$:

database new$=$file:$/$var$/$lib$/$aide$/$aide$.$db$.$new.gz

Note: the $"--$compare" does not examine the filesystem, it only compares the two

databases!

$6.$ Make a screen capture showing the results and paste it into your Lab Report file.

ther use of AIDE

$1.$ Run aide once each night with the $--$update option. This way it makes a new aide.db$.$new.gz$,$ and still tells you what ch