Installing and configuring Advanced Intrusion Detection Environment utility

Last Updated: Apr 22, 2022

About this task

You can use the Advanced Intrusion Detection Environment (AIDE) utility to protect the Usage Metering files from unauthorized changes and cyber attacks.

AIDE creates a database of files based on the files and directories you specify in the /etc/aide.conf file, and uses the database to ensure file integrity and detect system intrusions.

AIDE validates the integrity of a file to determine whether it is altered after its creation, curation, archiving, or any other qualifying event.

Procedure

  1. To install AIDE, at the Usage Metering Collector server CLI command prompt, run the following command:

    yum install aide

  2. Optional: To view the version number of the installed AIDE utility, run the following command:

    aide -v

  3. To edit the /etc/aide.conf file, run the following command:

    vi /etc/aide.conf

  4. Add the following to the /etc/aide.conf file:

    # R (AIDE's default attribute group, which includes md5) plus sha256
    LSPP = R+sha256
    /opt/apache-tomcat/usage-metering/ LSPP
    /opt/Avaya/usage-metering/bin/ LSPP

  5. To initialize the AIDE database, run the following command:

    aide --init

    The preceding command creates an initial /var/lib/aide/aide.db.new.gz database.

  6. Because AIDE performs checks on the /var/lib/aide/aide.db.gz database, rename the database to /var/lib/aide/aide.db.gz by running the following command:

    mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

  7. To manually check the monitored files against the AIDE database for any changes, run the following command:

    aide --check

  8. If the already selected files change, or if you add new file definitions to the configuration file, manually update the AIDE database by running the following command:

    aide --update

    The preceding command creates the /var/lib/aide/aide.db.new.gz database.

  9. To start using the updated database for integrity checks, rename the AIDE database to /var/lib/aide/aide.db.gz by running the following command:

    mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
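
The check in step 7 reports its result through the exit status as well as the printed report. The following is an added example, not part of the original procedure or of Avaya's tooling: a shell helper that classifies that status using the bitmask documented in aide(1). The function names, the script name, and the `--run` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the exit status of `aide --check` (step 7).
# Per aide(1), after --check or --update the status is a bitmask:
#   1 = new files, 2 = removed files, 4 = changed files.
# Statuses 14-19 are documented error conditions, not integrity findings.

# Prints a one-line verdict; returns 0 = clean, 1 = findings, 2 = error.
describe_aide_status() {
    code=$1
    case "$code" in
        ''|*[!0-9]*) echo "error: non-numeric status"; return 2 ;;
        0)  echo "clean"; return 0 ;;
        14) echo "error: write failure"; return 2 ;;
        15) echo "error: invalid argument"; return 2 ;;
        16) echo "error: unimplemented function"; return 2 ;;
        17) echo "error: invalid line in configuration"; return 2 ;;
        18) echo "error: I/O failure"; return 2 ;;
        19) echo "error: database version mismatch"; return 2 ;;
    esac
    if [ "$code" -gt 7 ]; then
        echo "error: unexpected status $code, see aide(1)"; return 2
    fi
    findings=""
    if [ $((code & 1)) -ne 0 ]; then findings="$findings added"; fi
    if [ $((code & 2)) -ne 0 ]; then findings="$findings removed"; fi
    if [ $((code & 4)) -ne 0 ]; then findings="$findings changed"; fi
    echo "findings:$findings"
    return 1
}

# Hypothetical wrapper for a scheduled job: run the check, keep the full
# report on stdout, and end with a verdict line that alerting can match.
run_aide_check() {
    rc=0
    aide --check || rc=$?
    describe_aide_status "$rc"
}

# Only touch the system when explicitly asked: sh aide-verdict.sh --run
if [ "${1:-}" = "--run" ]; then
    run_aide_check
fi
```

Treating the error statuses separately from findings matters for monitoring: a status of 17 or 18 means the check did not run, so it should raise an alert instead of being read as "no changes".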