yum install -y aide
cat /etc/aide.conf | grep hosts
/etc/hosts$ CONTENT_EX
/etc/hosts.allow$ CONTENT_EX
/etc/hosts.deny$ CONTENT_EX
Initialize the database
aide -i
AIDE, version 0.15.1
AIDE database at /var/lib/aide/aide.db.new.gz initialized.
Check against the configured database
aide --check
[root@VM-20-13-centos etc]# aide --check
Couldn't open file /var/lib/aide/aide.db.gz for reading (an error is reported here: it goes looking for this file)
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
Then run aide --check again
It actually still reports an error
Couldn't open file /var/lib/aide/aide.db.gz for reading
So create a symbolic link here
ln -s /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2024-04-26 20:53:31
Summary:
Total number of files: 92103
Added files: 0
Removed files: 0
Changed files: 10
Changed files:
changed: /usr/local/qcloud/YunJing/cache/cron_file.db
changed: /usr/local/qcloud/YunJing/cache/image_block_rules.db
changed: /usr/local/qcloud/YunJing/log/hids.log
changed: /usr/local/qcloud/YunJing/log/ydlive.log
changed: /usr/local/qcloud/YunJing/log/ydservice.20240426.log
changed: /usr/local/qcloud/monitor/barad/log/20240426_record.db
changed: /usr/local/qcloud/monitor/barad/log/dispatcher.log
changed: /usr/local/qcloud/monitor/barad/log/executor.log
changed: /usr/local/qcloud/stargate/logs/stargate.log
changed: /usr/local/qcloud/tat_agent/log/tat_agent.log
Detailed information about changes:
The content is as follows:
File: /usr/local/qcloud/YunJing/cache/cron_file.db
SHA256 : BU9wG/z7+X8KnPn/3rSF3GXWnI4F8Y2x , rJb9oB3MVg23poqZdsK64D6V/ebuq+U1
File: /usr/local/qcloud/YunJing/cache/image_block_rules.db
SHA256 : EqI2k3fGMYnErE8ACtqn1hWbhQuqH0lW , quSGcBxxiWs/rFrSgIhQDc5VaIxRRtvR
File: /usr/local/qcloud/YunJing/log/hids.log
SHA256 : +ebgwk3id4ZuQw3T6eGT0igIoc7utKJF , 7uhaZxP3OO6QdlIqPb4pqxf4AV77DiSP
File: /usr/local/qcloud/YunJing/log/ydlive.log
SHA256 : G5JscdTIu1LIH+JZUuDHL14YukPZFwHq , 5jqQZYB08Vwdakr275/40OaEE0id2FLi
File: /usr/local/qcloud/YunJing/log/ydservice.20240426.log
SHA256 : 4ghd0sAaVXG0+SzFVryUDe88lfPUYwDE , cfH5m0FaSIBrmJCDuyLeON3TTgQFP11/
File: /usr/local/qcloud/monitor/barad/log/20240426_record.db
SHA256 : uNnbi8WXt5gTSB+QrUNm2V3MiP1FfiCP , 9UG5IQVZyvUrvsVaH4p/ECjCUXzPQSLP
File: /usr/local/qcloud/monitor/barad/log/dispatcher.log
SHA256 : LOKgjHnrel2uhNQKDHKO/yxW2vn4qx7J , pnsMroHOAOhmJ7zSmgA48FvYL1VaU8Ku
File: /usr/local/qcloud/monitor/barad/log/executor.log
SHA256 : 3O9uJ39rT4uftKJqhTShGorXMzJeUt5j , 5fo7ainXY8X8ZjoohAPBR0Cs0aYthRDL
File: /usr/local/qcloud/stargate/logs/stargate.log
SHA256 : zRQPNO/KXSnuPbKHlDYF43seSB2SpqRo , iqXS8SZj8mYsfHZjnF6/qPC8+hmpYyvP
File: /usr/local/qcloud/tat_agent/log/tat_agent.log
SHA256 : 6EXVKZdwCG5O1N4KyoRYCodsxm0jHnxs , 0sAbchFDlftvNYohVIoia0x/13IW0u8Q
A running system keeps writing output, so there will always be some changes.
cat /etc/hosts
127.0.0.1 VM-20-13-centos VM-20-13-centos
127.0.0.1 localhost.localdomain localhost
127.0.0.1 localhost4.localdomain4 localhost4
::1 VM-20-13-centos VM-20-13-centos
::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
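Updating the database is really a check followed by an update: it first checks for file changes, then writes the updated output to a new database file.
aide --update
For example: echo 123 >> /etc/hosts
Then run aide --check again
This time it shows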
Changed files:
changed: /etc/hosts
File: /etc/hosts
SHA256 : 4zri6nmuXwhLFnnIa1PBat0eE6Oe2TSa , rbaKjsYzXPiHjyuAltEO+N8OtTkoIGax
![Image [1]: installing and using the AIDE system intrusion detection tool](https://osaka2.cn/wp-content/uploads/2024/04/image-1.png)
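The check output above mixes agent logs that change on every run with the /etc/hosts edit that matters. The following added example (not from the original post) filters a report down to the entries outside a noise list; the NOISE_PREFIXES value, the function names and the sample report are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage an `aide --check` report.
# Assumption: /usr/local/qcloud/ holds agent logs and caches that change on
# every run. Paths under a noise prefix are no longer reviewed, so keep the
# list as narrow as possible.
NOISE_PREFIXES="/usr/local/qcloud/"

# Constructed sample report in the format shown above.
sample_report() {
cat <<'EOF'
AIDE 0.15.1 found differences between database and filesystem!!
Summary:
Total number of files: 92103
Added files: 0
Removed files: 0
Changed files: 3
Changed files:
changed: /usr/local/qcloud/YunJing/log/hids.log
changed: /usr/local/qcloud/stargate/logs/stargate.log
changed: /etc/hosts
Detailed information about changes:
File: /etc/hosts
EOF
}

# Read a report on stdin; print added/removed/changed entries whose path
# does not start with any noise prefix.
unexpected_changes() {
  awk -v prefixes="$NOISE_PREFIXES" '
    BEGIN { n = split(prefixes, p, " ") }
    /^(added|removed|changed): / {
      path = substr($0, index($0, ": ") + 2)
      for (i = 1; i <= n; i++) if (index(path, p[i]) == 1) next
      print
    }'
}

# Exit status 1 when something outside the noise list changed, else 0.
# Usage on a real host: aide --check | triage
triage() {
  hits=$(unexpected_changes)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}
```

Run from cron, the non-zero exit status of triage can drive an alert while the noisy agent directories stay out of the message.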