AIDE (software)

The Advanced Intrusion Detection Environment (AIDE) was initially developed as a free replacement for Tripwire, licensed under the terms of the GNU General Public License (GPL). The primary developers are named as Rami Lehti and Pablo Virolainen, who are both associated with the Tampere University of Technology, along with Richard van den Berg, an independent Dutch security consultant. The project is used on many Unix-like systems as an inexpensive baseline control and rootkit detection system.


Functionality

AIDE takes a "snapshot" of the state of the system, registering hashes, modification times, and other data regarding the files defined by the administrator. This "snapshot" is used to build a database that is saved and may be stored on an external device for safekeeping. When the administrator wants to run an integrity test, the administrator places the previously built database in an accessible place and commands AIDE to compare the database against the real status of the system. Should a change have happened to the computer between the snapshot creation and the test, AIDE will detect it and report it to the administrator. Alternatively, AIDE can be configured to run on a schedule and report changes daily using scheduling technologies such as cron, which is the default behavior of the Debian AIDE package. This is mainly useful for security purposes, given that any malicious change which could have happened inside the system would be reported by AIDE.


See also

* Host-based intrusion detection system comparison


External links

* AIDE GitHub project
* AIDE reference in Ubuntu wiki

