AIDE generates its database the first time it runs, using --init:
[root@localhost AIDE]# aide -c aide.conf --init
AIDE, version 0.15.1
### AIDE database at aide.db.new initialized.
[root@localhost AIDE]# ls
aide-0.15.1 aide.conf aide.db.new software
[root@localhost AIDE]# file aide.db.new
aide.db.new: ASCII text
[root@localhost AIDE]# grep hosts aide.db.new
/etc/hosts 0 34359745469 100644 269 0 103 1 aLeAic+G8OYpNZ/CRUWDEQ== 0 0 0 0 0 0 0 0 MTMxNzkxNjc3Mg== MTMxNzkxNjc3Mg==
Most of the values AIDE records come from stat:
[root@localhost AIDE]# stat /etc/hosts
File: `/etc/hosts'
Size: 103 Blocks: 8 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 269 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2011-10-06 21:30:37.763070627 +0530
Modify: 2011-10-06 21:29:32.134043697 +0530
Change: 2011-10-06 21:29:32.134043697 +0530
[root@localhost AIDE]# aide -c aide.conf --check
AIDE, version 0.15.1
### All files match AIDE database. Looks okay!
Now let us try editing the hosts file:
[root@localhost AIDE]# vim /etc/hosts
[root@localhost AIDE]# aide -c aide.conf --check
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2011-10-07 01:47:14
Summary:
Total number of files: 2447
Added files: 0
Removed files: 0
Changed files: 2
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /etc
changed: /etc/hosts
---------------------------------------------------
Detailed information about changes:
---------------------------------------------------
Directory: /etc
Mtime : 2011-10-06 23:16:45 , 2011-10-07 01:47:11
Ctime : 2011-10-06 23:16:45 , 2011-10-07 01:47:11
File: /etc/hosts
Size : 103 , 128
Mtime : 2011-10-06 21:29:32 , 2011-10-07 01:47:11
Ctime : 2011-10-06 21:29:32 , 2011-10-07 01:47:11
Inode : 269 , 68060
MD5 : aLeAic+G8OYpNZ/CRUWDEQ== , SjcyC62yuuHGTIGZ7Air7g==
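The MD5 column and the two trailing columns of the database line are base64 text, so they cannot be compared directly with md5sum or stat output. The following Python is an added example, not part of the original post: it decodes the /etc/hosts line shown above and re-checks a file against a recorded digest. The column positions are read off that one line and are an assumption for other databases, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Database line copied from the grep output above.
DB_LINE = ("/etc/hosts 0 34359745469 100644 269 0 103 1 "
           "aLeAic+G8OYpNZ/CRUWDEQ== 0 0 0 0 0 0 0 0 "
           "MTMxNzkxNjc3Mg== MTMxNzkxNjc3Mg==")
IST = timezone(timedelta(hours=5, minutes=30))  # the +0530 offset in the stat output


def decode_line(line):
    """Decode the base64 columns of one database line.

    Assumption: column positions are the ones seen in DB_LINE
    (ninth column is the MD5, last two columns are timestamps).
    """
    cols = line.split()
    return {
        "path": cols[0],
        "md5_hex": base64.b64decode(cols[8], validate=True).hex(),
        "times": [int(base64.b64decode(c, validate=True).decode("ascii"))
                  for c in cols[-2:]],
    }


def local_time(epoch, tz=IST):
    """Render epoch seconds the way stat and the AIDE report print them."""
    return datetime.fromtimestamp(epoch, tz).strftime("%Y-%m-%d %H:%M:%S")


def md5_b64(path):
    """MD5 of a file, base64-encoded like the database and report columns."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return base64.b64encode(digest.digest()).decode("ascii")


def matches_baseline(path, recorded_b64):
    """True when the file on disk still has the recorded digest."""
    return hmac.compare_digest(md5_b64(path), recorded_b64)


if __name__ == "__main__":
    rec = decode_line(DB_LINE)
    print(rec["path"], rec["md5_hex"], [local_time(t) for t in rec["times"]])
```

The hex digest can be compared with md5sum output, and the decoded times correspond to the Modify and Change lines printed by stat.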