AIDE
About AIDE
AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker.
What does it do?
It creates a database from the regular expression rules that it finds in the config file(s). Once this database is initialized, it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used to check the integrity of the file. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions. See the manual pages within the distribution for further info.
Features
- supported message digest algorithms: md5, sha1, rmd160, tiger, crc32, sha256, sha512, whirlpool (additionally with libmhash: gost, haval, crc32b)
- supported file attributes: File type, Permissions, Inode, Uid, Gid, Link name, Size, Block count, Number of links, Mtime, Ctime and Atime
- support for Posix ACL, SELinux, XAttrs and Extended file system attributes if support is compiled in
- plain text configuration files and database for simplicity
- powerful regular expression support to selectively include or exclude files and directories to be monitored
- gzip database compression if zlib support is compiled in
- stand alone static binary for easy client/server monitoring configurations
- and many more
Get AIDE
The current stable version of AIDE is 0.16 (manual page).
Downstreams
AIDE is included in the following distributions. Please use the corresponding command to install AIDE.
- Debian GNU/Linux | Ubuntu: apt-get install aide or aptitude install aide
- Gentoo: emerge aide
- MacPorts: port install aide
- FreeBSD: pkg_add -r aide
- Red Hat | CentOS | Fedora: yum install aide
- openSUSE: zypper install aide
- IPCop: see here for installation guidelines
See also the output of whohas aide.
Please contact aide-devel if your distribution is not listed above.
Basically AIDE runs on any modern Unix. Below is a table of platforms on which people have tested AIDE (compiled with standard options).
Platforms
| Platform | AIDE version | Maintainer | Hints |
| --- | --- | --- | --- |
| Linux 2.6 | 15.x | Hannes von Haugwitz | none |
| Solaris 10/OpenSolaris | unknown | wanted | see README |
| Mac OS X Leopard | unknown | wanted | see README |
| FreeBSD 2.2.8,3.4 | unknown | wanted | none |
| Unixware 7.0.1 | unknown | wanted | none |
| BSDi 4.1 | unknown | wanted | none |
| OpenBSD 2.6,3.0 | unknown | wanted | none |
| AIX 4.2 | unknown | wanted | none |
| TRU64 4.0x | unknown | wanted | none |
| HP-UX 11i | unknown | wanted | none |
| Cygwin | unknown | wanted | none |
The list is updated after each stable release.
If you run AIDE on a platform not listed above or currently not maintained, please consider becoming an AIDE platform maintainer (see here for details).
Source
Both the source tarballs from sf.net and the tags of the git repository (since v0.16a1) are GnuPG-signed.
Since v0.16a2 the key used for signing is the GnuPG key of Hannes von Haugwitz (the current maintainer of AIDE).
The current public key can be downloaded from one of the well known PGP key servers.
The public keys used to sign the releases before v0.16a2 are available here or can also be downloaded from one of the well known PGP key servers.
The current key is:
pub 4096R/68E7B931 2011-06-28 [expires: 2021-06-27]
Key fingerprint = 2BBB D30F AAB2 9B32 53BC FBA6 F694 7DAB 68E7 B931
uid Hannes von Haugwitz <hannes@vonhaugwitz.com>
Please always verify the signature of a release before using it (see below).
Source tarballs
The source code of the current stable version can be downloaded here. Currently there are no mirrors.
Use the following command to verify the signature of the downloaded source tarball (see README file for details):
gpg --verify aide-<VERSION_NUMBER>.tar.gz.asc
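gpg --verify reports a good signature for any key that is present in the local keyring, so the check only means something if the signing key is the one whose fingerprint is published above. The following added example (not part of the AIDE distribution or its README) pins that fingerprint by parsing GnuPG's --status-fd output; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the AIDE release key by fingerprint when verifying.

# Fingerprint published on this page, spaces removed.
AIDE_KEY_FPR="2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931"

# check_status EXPECTED_FPR
# Reads GnuPG machine-readable status lines (--status-fd) on stdin and
# succeeds only if there is exactly one VALIDSIG line, its primary-key
# fingerprint (last field) equals EXPECTED_FPR, and no BADSIG, ERRSIG or
# REVKEYSIG line was seen.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" { n++; got = toupper($NF) }
        END { if (n == 1 && !bad && got == want) exit 0; exit 1 }'
}

# verify_release SIGNATURE TARBALL
# Runs gpg on a detached signature and applies the fingerprint check.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$AIDE_KEY_FPR"
}

# Constructed status output: a valid signature by the pinned key.
sample_pinned() {
    printf '%s\n' \
        '[GNUPG:] GOODSIG F6947DAB68E7B931 Hannes von Haugwitz <hannes@vonhaugwitz.com>' \
        '[GNUPG:] VALIDSIG 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 2016-07-25 1469404800 0 4 0 1 8 00 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931'
}

# Constructed status output: a cryptographically valid signature made by
# some other key in the keyring (placeholder fingerprint).
sample_other_key() {
    printf '%s\n' \
        '[GNUPG:] GOODSIG 0000000000000001 Someone Else <someone@example.org>' \
        '[GNUPG:] VALIDSIG 0000000000000000000000000000000000000001 2016-07-25 1469404800 0 4 0 1 8 00 0000000000000000000000000000000000000001'
}

# When called with a signature and a tarball, verify them.
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2" && echo "signature OK, key matches" ||
        { echo "verification FAILED" >&2; exit 1; }
fi
```

Saved as a script, it takes the .asc file and the tarball as its two arguments and exits non-zero unless the signature is valid and was made by the pinned key.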
GIT
Information about the AIDE git repository can be found here.
Use the following command to verify the signature of a git tag (see README file for details):
git verify-tag v<VERSION_NUMBER>
Daily snapshot releases
A daily snapshot release can be downloaded here. Thanks to Richard van den Berg for providing the snapshots.
License
AIDE is licensed under GPL.
User support
If you have questions about the usage of AIDE please write to the mailing list for users.
FAQ
Frequently asked questions will be published here.
Bug reports
First, make sure the bug still exists in the current version from GIT. If it does, report the bug via the SourceForge Bug system.
Mailing lists
There are several AIDE related mailing lists:
- aide-announce: Read-only mailing list for announcements about rc and final releases or other project news.
- aide: The user mailing list is maintained on ipi.fi. Thanks to Rami Lehti for maintaining it.
- aide-devel: The developers mailing list. Development releases (alpha and beta releases) are announced on this list.
- aide-tracker: Read-only mailing list for notifications from SourceForge trackers for AIDE.
- aide-commits: Read-only mailing list for commits pushed to the git repository.
Development
Future plans
- UTF-8 Support
- Threads
- Signed database
- Signed configuration file(s)
For a complete and more detailed list see the Todo file.
Support AIDE
If you want to help with the development of AIDE please contact the aide-devel mailing list.
AIDE platform maintainer
AIDE platform maintainers test if AIDE runs on their platform. We expect that a platform maintainer provides feedback about the status of at least one release candidate (if it compiles and runs without errors) on their platform.
Each platform maintainer must be subscribed to aide-devel to follow the development and should be subscribed to aide so he/she can help with platform-specific issues.
If you want to become an AIDE platform maintainer for an existing (but unmaintained) or a new platform please contact the aide-devel mailing list.
Who's behind AIDE?
AIDE was originally written by Rami Lehti and Pablo Virolainen in 1999.
Between 2003 and 2010 it was maintained by Richard van den Berg.
In October 2010 Hannes von Haugwitz took over the project.
For the mail addresses of the authors please see the AUTHORS file.
Last Update: 19 Aug 2016