aide / aide.github.io Goto Github PK

             AIDE - Advanced Intrusion Detection Environment
            -------------------------------------------------
                              Version 0.18

    This file is free software; as a special exception the author gives
    unlimited permission to copy and/or distribute it, with or without
    modifications, as long as this notice is preserved.

    This file is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY, to the extend permitted by law; without even the
    implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


    Introduction
    ------------

    AIDE is a tool for monitoring file system changes. It can be used
    to detect unauthorized monitored files and directories. AIDE was
    written to be a simple and free alternative to Tripwire. Features
    currently included in AIDE are as follows:

        o  File attributes monitored: permissions, inode, user, group
           file size, mtime, atime, ctime, links and growing size.
        o  Multiple checksums and hashes supported
        o  Plain text configuration files and database for simplicity.
        o  Rules, variables and macros that can be customized to local
           site or system policies.
        o  Powerful regular expression support to selectively include or
           exclude files and directories to be monitored.
        o  gzip database compression if zlib support is compiled in.
        o  Free software licensed under the GNU General Public License v2.

    The homepage of AIDE is https://aide.github.io

    Current Version
    ---------------

    AIDE is currently maintained on GitHub.

    Please visit https://github.com/aide/aide/ to get the newest version of
    the source code.

    Documentation
    -------------

    The documentation for AIDE can be found in the doc/ directory.

    Installation
    ------------

    If you are using a git version of the source you need to generate the
    configuration files first:

        $ ./autogen.sh

    For generic installation instructions please see the INSTALL file
    (generated by autogen.sh).

    In short, just type:
        $ ./configure
        $ make
        $ make install

    See './configure --help' for the available configuration options.

    Dynamic versus Static Linking
    -----------------------------

    Formerly aide was linked statically by default to reduce the attack vector
    of compromised shared libraries and to ease client/server monitoring
    configurations. However an attacker could still simply replace the
    statically linked binary, tamper the database file or use dynamically
    loaded kernel modules to change the behaviour of AIDe.

    These days many Linux distributions (eg Centos/Oracle Linux), operating
    systems (eg Mac OS/OpenSolaris) and libaries have dropped support for
    static linking.

    Hence starting with releae v0.18 AIDE is linked dynamically by default.

    To re-enable static linking use '--enable-static' when configuring AIDE.

    Source Code Verification
    ------------------------

    We highly recommend checking that the version of AIDE downloaded and
    installed is an original and unmodified one. You can either verify the
    source tarball or the git tag.

    To check the supplied signature with GnuPG:

      $ gpg --verify aide-<VERSION_NUMBER>.tar.gz.asc

    This checks that the detached signature file is indeed a signature
    of aide-<VERSION_NUMBER>.tar.gz.

    To validate the gpg signature of the git tag:

      $ git verify-tag v<VERSION_NUMBER>

    The current public key needed for signature verification is:

        pub   4096R/68E7B931 2011-06-28 [expires: 2025-06-27]
        uid                  Hannes von Haugwitz <[email protected]>

    If you do not have this key, you can get it from one of the well known PGP
    key servers. You have to make sure that the key you install is not a faked
    one. You can do this with reasonable assurance by comparing the output of:

      $ gpg --fingerprint 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931

    with the fingerprint published elsewhere.

    Requirements
    ------------

    AIDE requires the following development tools:

       o  C99 compatible compiler.
       o  GNU Autoconf
       o  GNU Autoconf Macro Archive
       o  GNU Automake
       o  GNU flex.
       o  GNU yacc (bison).
       o  GNU make.
       o  pkg-config
       o  PCRE2 library (libpcre2-8, library with 8-bit code unit support)
       o  libnettle or libgcrypt

       o  libcheck (optional, needed for 'make check', license: LGPL-2.1)

    Note:
      flex version 2.5.31 is broken, you might see the following error

       conf_lex.c: In function `conflex':
       conf_lex.c:4728: error: `yy_prev_more_offset' undeclared (first use in
       this function)
       conf_lex.c:4728: error: (Each undeclared identifier is reported only once
       conf_lex.c:4728: error: for each function it appears in.)

      Either downgrade to flex 2.5.4 or get an updated version that fixes
      this bug.

    Large File Support
    -----------------

    To be able to store the size of files larger than 2GB, AIDE needs large
    file support (LFS) to be available in the OS. The configure script
    automatically checks for LFS. To turn off LFS call the configure script
    with the '-disable-largefile' option.

    Feedback and Support
    --------------------

    End user support is available on the AIDE mailing list:

        https://www.ipi.fi/mailman/listinfo/aide

    An archive for the mailing list archive is available online:

        http://www.ipi.fi/pipermail/aide/

    Please report bugs and feature requests to the aide issue tracker

        https://github.com/aide/aide/issues


    Credits
    -------

    Please see the AUTHORS file.