Install AIDE in CentOS 6.x

Step 1: Installing AIDE

Installing the software is quite simple. Just run the following command as the root user:

yum install -y aide

That’s all you need to do for installation.

Step 2: Configuring AIDE

This is the harder part. For AIDE to work, it needs a baseline database of the folders and files that we want notifications about. We will use the AIDE defaults; setting up monitoring on specific folders/files is outside the scope of this tutorial. Refer to the AIDE documentation if you need that type of configuration.

First, we need to initialize AIDE. Run the following command as root:

aide --init

That will create the database for the first time. Then, run these commands as root:

cd /var/lib/aide
mv aide.db.new.gz aide.db.gz

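This step is required: aide --init writes the new database to aide.db.new.gz, but AIDE reads its baseline from aide.db.gz, so checks will not work until the file is renamed.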

We need to have AIDE inspect our files for the first time as well, so execute these commands as root:

aide --check
aide --update

Go back to the /var/lib/aide directory, and you should find another new database. Remove the old one (the one without "new" in its file name) by running:

rm aide.db.gz

Move over the new database:

mv aide.db.new.gz aide.db.gz

Since the default configuration already covers most of our files, we should be fine using it. All that’s left is to have AIDE send you an email if there are any unauthorized changes. For this article, we’ll be using nano as our text editor.

nano /etc/crontab

Find the section with MAILTO=root and change root to your email address. Then, run:

crontab -e

Add this to the file:

0 1 * * * /usr/sbin/aide --check

This runs an AIDE check once per day and emails you if it detects that a file has been modified.
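
The daily check above can also be run through a small wrapper, shown here as an added example that is not part of the original tutorial. It stays silent when nothing changed, so cron only sends mail when the check finds differences or fails to run. It assumes the exit statuses documented in aide(1); the --run argument and the function names are this script's own.

```sh
#!/bin/sh
# Added example: cron wrapper around "aide --check" (not from the tutorial).
# Assumption: exit statuses follow aide(1): 0 = no differences; 1-7 is a
# bitmask (1 new, 2 removed, 4 changed); 14-19 are AIDE error conditions.

AIDE_BIN="${AIDE_BIN:-/usr/sbin/aide}"   # same path as the crontab entry

# Print a one-line summary for an "aide --check" exit status.
describe_aide_status() {
    code=$1
    if [ "$code" -eq 0 ]; then
        echo "no changes"
    elif [ "$code" -ge 1 ] && [ "$code" -le 7 ]; then
        summary=""
        if [ $((code & 1)) -ne 0 ]; then summary="$summary new"; fi
        if [ $((code & 2)) -ne 0 ]; then summary="$summary removed"; fi
        if [ $((code & 4)) -ne 0 ]; then summary="$summary changed"; fi
        echo "files:$summary"
    elif [ "$code" -ge 14 ] && [ "$code" -le 19 ]; then
        echo "aide error (status $code), check did not complete"
    else
        # e.g. 127 when the aide binary is missing
        echo "unexpected status $code"
    fi
}

# Run the check. Stay silent when nothing changed so cron sends no mail;
# otherwise print the summary and the full report for cron to mail.
run_aide_check() {
    report=$("$AIDE_BIN" --check 2>&1) && aide_rc=0 || aide_rc=$?
    if [ "$aide_rc" -eq 0 ]; then
        return 0
    fi
    echo "AIDE on $(uname -n): $(describe_aide_status "$aide_rc")"
    echo "$report"
    return "$aide_rc"
}

# Only act when called with --run, so sourcing the file just defines
# the functions above.
if [ "${1:-}" = "--run" ]; then
    run_aide_check
    exit $?
fi
```

Saved as, for example, /usr/local/sbin/aide-check.sh (an assumed path), the crontab line would call it with --run instead of calling /usr/sbin/aide --check directly.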

With credit and thanks to https://www.vultr.com/docs/setting-up-aide-advanced-intrusion-detection-on-centos-6