Archive for March, 2009

Intrusion Detection with AIDE

Sunday, March 1st, 2009 | Technology

Advanced Intrusion Detection Environment, or AIDE for short, is a handy little utility which you can use to detect an unwanted intrusion into your server. The website is here: http://www.cs.tut.fi/~rammer/aide.html

With computer security, you not only need to protect against incoming attacks but you also need to detect when an intrusion has taken place. AIDE is good for detecting successful intrusions within a server.

It works by creating an initial database of checksums for the files you want to monitor. You can choose from a myriad of hashing algorithms, including MD5 and SHA1. From then on, you can have AIDE check your current system files against that database. If a file has changed, the check reports it and you can take appropriate action if any is required.

This is useful if your machine becomes infected with a trojan or virus, the kind that modifies binaries to embed itself within the usual commands, for example coreutils' ls, mkdir, etc.

Installation and setup are trivial, give or take the time you need to understand the configuration file and list the directories and files to monitor. So give it a go.
