System Independent Checking - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
aide --check -V
AIDE found differences between database and filesystem!!
Start timestamp: 2009-02-18 15:14:10
Summary:
Total number of files:
Added files:
Removed files:
Changed files:
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /etc/passwd
--------------------------------------------------
Detailed information about changes:
---------------------------------------------------
File: /etc/passwd
Mtime
: 2009-02-18 15:11:02
Ctime
: 2009-02-18 15:11:02
In this example, the file /etc/passwd was touched to demonstrate the effect.
13.3 System Independent Checking
For the paranoid administrator, and of course this is all about paranoia, it is advisable
to also run the AIDE binary from a trusted source. This excludes the risk, that some
attacker also modified the aide binary to hide his traces.
To accomplish this task, aide must be run from a rescue system, that is independent
from the installed system. With SUSE Linux it is relatively easy to extend the rescue
system with arbitrary programs and thus add the needed functionality.
Before you can start using the rescue system, you need to provide two packages to the
system. These are included with the same syntax as you would add a driver update disk
to the system. For a detailed description about the possibilities of linuxrc, that are used
for this purpose, see http://en.opensuse.org/Linuxrc. In the following,
one possibility to accomplish this task is discussed.
1992
0
0
1
, 2009-02-18 15:11:47
, 2009-02-18 15:11:47
Intrusion Detection with AIDE
119
Advertisement
Table of Contents
