File: README

package info (click to toggle)
aide 0.18.3-1%2Bdeb12u3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 3,368 kB
  • sloc: ansic: 10,364; sh: 6,196; lex: 764; yacc: 123; makefile: 104
file content (182 lines) | stat: -rw-r--r-- 6,403 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
 

             AIDE - Advanced Intrusion Detection Environment
            -------------------------------------------------
                              Version 0.18.3

    This file is free software; as a special exception the author gives
    unlimited permission to copy and/or distribute it, with or without
    modifications, as long as this notice is preserved.

    This file is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY, to the extend permitted by law; without even the
    implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


    Introduction
    ------------

    AIDE is a tool for monitoring file system changes. It can be used
    to detect unauthorized monitored files and directories. AIDE was
    written to be a simple and free alternative to Tripwire. Features
    currently included in AIDE are as follows:

        o  File attributes monitored: permissions, inode, user, group
           file size, mtime, atime, ctime, links and growing size.
        o  Checksums and hashes supported: SHA1, MD5, RMD160, and TIGER.
           CRC32, HAVAL and GOST if Mhash support is compiled in.
        o  Plain text configuration files and database for simplicity.
        o  Rules, variables and macros that can be customized to local
           site or system policies.
        o  Powerful regular expression support to selectively include or
           exclude files and directories to be monitored.
        o  gzip database compression if zlib support is compiled in.
        o  Free software licensed under the GNU General Public License v2.

    The homepage of AIDE is https://aide.github.io

    Current Version
    ---------------

    AIDE is currently maintained on GitHub.

    Please visit https://github.com/aide/aide/ to get the newest version of
    the source code.

    Documentation
    -------------

    The documentation for AIDE can be found in the doc/ directory.

    Installation
    ------------

    If you are using a git version of the source you need to generate the
    configuration files first:

        $ sh ./autogen.sh

    For generic installation instructions please see the INSTALL file
    (generated by autogen.sh).

    In short, just type:
        $ ./configure
        $ make
        $ make install

    See './configure --help' for the available configuration options.

    For AIX 5.3 it has been reported there is a problem with using mhash
    which causes an "Undefined symbol: .rpl_malloc" error. This is a problem
    in mhash_config.h which can be fixed by removing the line that reads
    #define malloc rpl_malloc

    Dynamic versus Static Linking
    -----------------------------

    Formerly aide was linked statically by default to reduce the attack vector
    of compromised shared libraries and to ease client/server monitoring
    configurations. However an attacker could still simply replace the
    statically linked binary, tamper the database file or use dynamically
    loaded kernel modules to change the behaviour of AIDe.

    These days many Linux distributions (eg Centos/Oracle Linux), operating
    systems (eg Mac OS/OpenSolaris) and libaries have dropped support for
    static linking.

    Hence starting with releae v0.18 AIDE is linked dynamically by default.

    To re-enable static linking use '--enable-static' when configuring AIDE.

    Source Code Verification
    ------------------------

    We highly recommend checking that the version of AIDE downloaded and
    installed is an original and unmodified one. You can either verify the
    source tarball or the git tag.

    To check the supplied signature with GnuPG:

      $ gpg --verify aide-<VERSION_NUMBER>.tar.gz.asc

    This checks that the detached signature file is indeed a signature
    of aide-<VERSION_NUMBER>.tar.gz.

    To validate the gpg signature of the git tag:

      $ git verify-tag v<VERSION_NUMBER>

    The current public key needed for signature verification is:

        pub   4096R/68E7B931 2011-06-28 [expires: 2025-06-27]
        uid                  Hannes von Haugwitz <hannes@vonhaugwitz.com>

    If you do not have this key, you can get it from one of the well known PGP
    key servers. You have to make sure that the key you install is not a faked
    one. You can do this with reasonable assurance by comparing the output of:

      $ gpg --fingerprint 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931

    with the fingerprint published elsewhere.

    Requirements
    ------------

    AIDE requires the following development tools:

       o  C99 compatible compiler.
       o  GNU Autoconf
       o  GNU Autoconf Macro Archive
       o  GNU Automake
       o  GNU flex.
       o  GNU yacc (bison).
       o  GNU make.
       o  pkg-config
       o  PCRE2 library
       o  Mhash (optional, but highly recommended). Mhash is currently
          available from http://mhash.sourceforge.net/. A static version of
          libmhash needs to be build using the --enable-static=yes
          configure option.
          Aide requires at least mhash version 0.9.2

       o  libcheck (optional, needed for 'make check', license: LGPL-2.1)

    Note:
      flex version 2.5.31 is broken, you might see the following error

       conf_lex.c: In function `conflex':
       conf_lex.c:4728: error: `yy_prev_more_offset' undeclared (first use in
       this function)
       conf_lex.c:4728: error: (Each undeclared identifier is reported only once
       conf_lex.c:4728: error: for each function it appears in.)

      Either downgrade to flex 2.5.4 or get an updated version that fixes
      this bug.

    Large File Support
    -----------------

    To be able to store the size of files larger than 2GB, AIDE needs large
    file support (LFS) to be available in the OS. The configure script
    automatically checks for LFS. To turn off LFS call the configure script
    with the '-disable-largefile' option.

    Feedback and Support
    --------------------

    End user support is available on the AIDE mailing list:

        https://www.ipi.fi/mailman/listinfo/aide

    An archive for the mailing list archive is available online:

        http://www.ipi.fi/pipermail/aide/

    Please report bugs and feature requests to the aide issue tracker

        https://github.com/aide/aide/issues


    Credits
    -------

    Please see the AUTHORS file.