forked from aide/aide
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
162 lines (114 loc) · 5.78 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
AIDE - Advanced Intrusion Detection Environment
-------------------------------------------------
Version 0.16.1
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extend permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Introduction
------------
AIDE is a tool for monitoring file system changes. It can be used
to detect unauthorized monitored files and directories. AIDE was
written to be a simple and free alternative to Tripwire. Features
currently included in AIDE are as follows:
o File attributes monitored: perissions, inode, user, group
file size, mtime, atime, ctime, links and growing size.
o Checksums and hashes supported: SHA1, MD5, RMD160, and TIGER.
CRC32, HAVAL and GOST if Mhash support is compiled in.
o Plain text configuration files and database for simplicity.
o Rules, variables and macros that can be customized to local
site or system policies.
o Powerful regular expression support to selectively include or
exclude files and directories to be monitored.
o gzip database compression if zlib support is compiled in.
o Stand alone static binary for easy client/server monitoring
configurations.
o Free software licensed under the GNU General Public License.
The homepage of AIDE is https://aide.github.io
Current Version
---------------
AIDE is currently maintained on GitHub.
Please visit https://github.com/aide/aide/ to get the newest version of
the source code.
Documentation
-------------
The documentation for AIDE can be found in the doc/ directory.
Installation
------------
For generic instructions please see the INSTALL file.
For AIX 5.3 it has been reported there is a problem with using mhash
which causes an "Undefined symbol: .rpl_malloc" error. This is a problem
in mhash_config.h which can be fixed by removing the line that reads
#define malloc rpl_malloc
For Mac OS X Darwin/Leopard (10.4/10.5) and Solaris 10/OpenSolaris you need
to use --disable-static when configuring AIDE. Please note that dynamic
linking introduces a security risk and is not recommended.
Since Mac OS Leopard (10.5) you also need to use --disable-lfs because it
handles 64 bit file support out of the box.
Source Code Verification
------------------------
We highly recommend checking that the version of AIDE downloaded and
installed is an original and unmodified one. You can either verify the
source tarball or the git tag.
To check the supplied signature with GnuPG:
$ gpg --verify aide-<VERSION_NUMBER>.tar.gz.asc
This checks that the detached signature file is indeed a signature
of aide-<VERSION_NUMBER>.tar.gz.
To validate the gpg signature of the git tag:
$ git verify-tag v<VERSION_NUMBER>
The current public key needed for signature verification is:
pub 4096R/68E7B931 2011-06-28 [expires: 2021-06-27]
uid Hannes von Haugwitz <hannes@vonhaugwitz.com>
If you do not have this key, you can get it from one of the well known PGP
key servers. You have to make sure that the key you install is not a faked
one. You can do this with reasonable assurance by comparing the output of:
$ gpg --fingerprint 0x68E7B931
with the fingerprint published elsewhere.
Requirements
------------
AIDE requires the following development tools:
o C compiler (such as Gcc).
o GNU flex.
o GNU yacc (bison).
o GNU make.
o PCRE library
o Mhash (optional, but highly recommended). Mhash is currently
available from http://mhash.sourceforge.net/. A static version of
libmhash needs to be build using the --enable-static=yes
configure option.
Aide requires at least mhash version 0.9.2
Note:
flex version 2.5.31 is broken, you might see the following error
conf_lex.c: In function `conflex':
conf_lex.c:4728: error: `yy_prev_more_offset' undeclared (first use in
this function)
conf_lex.c:4728: error: (Each undeclared identifier is reported only once
conf_lex.c:4728: error: for each function it appears in.)
Either downgrade to flex 2.5.4 or get an updated version that fixes
this bug.
Large File Support
-----------------
To be able to store the size of files larger than 2GB, aide needs
large file support (LFS) to be available in the OS. The configure
script automatically checks for the correct defines and functions.
If configure fails, and during compile time you see errors containing
the number 64, try configure again with the --disable-lfs option.
This turns off the large file support.
Cross Compilation
-----------------
When cross compiling, manually verify the data types defines in config.h
as they cannot be accurately determined by configure. Most notably,
AIDE_INO_TYPE will be set to "cross".
Feedback and Support
--------------------
End user support is available on the AIDE mailing list:
https://www.ipi.fi/mailman/listinfo/aide
An archive for the mailing list archive is available online:
http://www.ipi.fi/pipermail/aide/
Please report bugs and feature requests to the aide issue tracker
https://github.com/aide/aide/issues
Credits
-------
Please see the AUTHORS file.