AIDE

2022-05-05

AIDE stands for Advanced Intrusion Detection Environment. It keeps track of system integrity by holding a database of file details. This can help you catch unauthorized file modifications and other tampering attempts, which could be caused by malware, misbehaving software or bad actors on your server.

The weak point of this solution is its dependence on a trusted AIDE database. The database is created with the initial scan, so if your system was infected beforehand, AIDE will be of no help. The database should be updated periodically to keep single check runs nice and clean. Keeping track of the AIDE database's integrity is the administrator's responsibility. It is still much easier to track the integrity of one file by hand than that of the whole system, so AIDE turns out to be quite useful nonetheless.

On Debian the default main configuration is located at `/etc/aide/aide.conf`, with more configuration files under `/etc/aide/aide.conf.d/`. Database locations are defined in the main configuration file. These paths are not baked into the binary, so you have to pass a `--config` parameter when using AIDE on Debian.

On Arch Linux the default configuration is located at `/etc/aide.conf` and the path is recognized automatically.

You can confirm the default locations with:

    $ aide --version

If you're using Arch Linux instead of Debian, simply omit the `--config` parameter in the commands below.

To initiate the database:

    $ aide --config /etc/aide/aide.conf --init

This will perform the initial scan and drop a new database file. Updates work similarly, but they produce a longer report, because they also run checks. Every time you update the database, you have to manually replace the old version with the new one.

For Debian:

    $ mv /var/lib/aide/aide.db{.new,}

To perform the update:

    $ aide --config /etc/aide/aide.conf --update

To run a check you can issue:

    $ aide --config /etc/aide/aide.conf --check | tee aide.out

The output might be longer than you think, but you can inspect the `aide.out` file later.

Every action outputs multiple hashes of your database. AIDE will check the integrity of your files, but the database it uses must be trusted. Make sure these checksums don't change unexpectedly, as this is crucial for integrity.
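
One way to track the database's integrity by hand, as an added example that is not part of the original post: pin a SHA-256 digest of the database after each reviewed `--init` or `--update`, and refuse to run `--check` if the database no longer matches. The `REF` location and the function names are assumptions; the database and configuration paths are the Debian ones used above.

```shell
#!/bin/sh
# Added example: pin the AIDE database digest and verify it before every check.
# DB and CONF are the Debian paths from the text. REF is a hypothetical path;
# keep it on read-only or off-host storage so it cannot be rewritten together
# with the database.
DB="${DB:-/var/lib/aide/aide.db}"
CONF="${CONF:-/etc/aide/aide.conf}"
REF="${REF:-/mnt/readonly/aide.db.sha256}"

# Print only the SHA-256 digest of a file.
db_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Record the current digest. Run this right after --init, or after an
# --update whose report you have reviewed and whose aide.db.new you moved
# into place.
record_db_hash() {
    db_digest "$DB" > "$REF"
}

# Return 0 if the database matches the pinned digest, 1 on mismatch,
# 2 if the database or the reference digest is missing or unreadable.
verify_db_hash() {
    [ -r "$DB" ] && [ -r "$REF" ] || return 2
    [ "$(db_digest "$DB")" = "$(cat "$REF")" ]
}

# Run the check only against a database that still matches its pinned digest.
checked_aide_run() {
    rc=0
    verify_db_hash || rc=$?
    case $rc in
        0) aide --config "$CONF" --check ;;
        1) echo "AIDE database digest mismatch: $DB" >&2; return 1 ;;
        *) echo "missing database or reference digest" >&2; return 2 ;;
    esac
}
```

Source the file and call `record_db_hash` once the database is trusted, then use `checked_aide_run` in place of the bare `--check` command.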