AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker.
It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used to check the integrity of the file. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions. See the manual pages within the distribution for further info.
Features
- supported message digest algorithms: md5, sha1, rmd160, tiger, crc32, sha256, sha512, whirlpool (additionally with libmhash: gost, haval, crc32b)
- supported file attributes: File type, Permissions, Inode, Uid, Gid, Link name, Size, Block count, Number of links, Mtime, Ctime and Atime
- support for Posix ACL, SELinux, XAttrs and Extended file system attributes if support is compiled in
- plain text configuration files and database for simplicity
- powerful regular expression support to selectively include or exclude files and directories to be monitored
- gzip database compression if zlib support is compiled in
- stand alone static binary for easy client/server monitoring configurations
- and many more
Basically AIDE runs on any modern Unix. Below is a table of platforms people has tested AIDE (compiled with standard options).
| Platform | AIDE version | Maintainer | Hints |
|---|---|---|---|
| Linux 2.6 | 15.x | Hannes von Haugwitz | none |
| Solaris 10/OpenSolaris | unknown | wanted | see README |
| Mac OS X Leopard | unknown | wanted | see README |
| FreeBSD 2.2.8,3.4 | unknown | wanted | none |
| Unixware 7.0.1 | unknown | wanted | none |
| BSDi 4.1 | unknown | wanted | none |
| OpenBSD 2.6,3.0 | unknown | wanted | none |
| AIX 4.2 | unknown | wanted | none |
| TRU64 4.0x | unknown | wanted | none |
| HP-UX 11i | unknown | wanted | none |
| Cygwin | unknown | wanted | none |