ubuntu:aide_advanced_intrusion_detection_environment
AIDE (Advanced Intrusion Detection Environment)
AIDE (Advanced Intrusion Detection Environment) is an Intrusion Detection System (IDS). Which means that AIDE is not a tool to prevent an intrusion but is actually here to report that an intrusion might have happened.
- AIDE can be used to help track file integrity.
- AIDE stores a checksum of every file on the system with a choice of several hash methods.
- Periodically AIDE will compare the snapshot it has against each file to what the file is current reporting. If there is a difference then the file has changed.
NOTE: It is important to update the checksums that AIDE uses every now and then to ensure that they are kept up to date.
ubuntu/aide_advanced_intrusion_detection_environment.txt · Last modified: 2022/06/13 10:06 by peter