AIDE
In 5 min
About
● AIDE (Advanced Intrusion Detection
Environment) is a file integrity checker and
intrusion detection program
● Open source version of the old Tripwire (they
stopped giving it out for free)
● Scans all files when you ask it to check
● Included in Red Hat (and most other Linux
distros)
● Doesn’t use inotify but actually scans the file
system :(
Installation
yum install aide
Configuration
● Config file /etc/aide.conf
Examples:
#p: permissions
#i: inode
#n: number of links
#u: user
R = p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
NORMAL = R+rmd160+sha256
LSPP = R+sha256
/boot NORMAL
!/usr/src
/etc/exports NORMAL
Initialization
● /usr/sbin/aide --init
● Copy /etc/aide.conf, /usr/sbin/aide and
/var/lib/aide/aide.db.new.gz to somewhere
the hacker can't reach
● cp /var/lib/aide/aide.db.new.gz
/var/lib/aide/aide.db.gz
Check
/usr/sbin/aide --check
Examples - ok
root@e3639.test audit# /usr/sbin/aide --check
AIDE, version 0.14
### All files match AIDE database. Looks okay!
root@e3639.test audit# echo $?
0
Examples - error
root@e3639.test audit# /usr/sbin/aide --check
File /etc/exports in databases has different attributes, 340205bbd,240205bbd
AIDE found differences between database and filesystem!!
Start timestamp: 2013-07-15 15:34:44
Summary:
Total number of files: 34733
Added files: 0
Removed files: 0
Changed files: 1
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /etc/exports
--------------------------------------------------
Detailed information about changes:
---------------------------------------------------
File: /etc/exports
Size : 0 , 6
Mtime : 2010-01-12 14:28:22 , 2013-07-15 15:34:41
Ctime : 2013-07-15 14:31:36 , 2013-07-15 15:34:41
Inode : 655386 , 656673
MD5 : 1B2M2Y8AsgTpgAmY7PhCfg== , 5uWc72GV8mpdqdgqdbmzsQ==
RMD160 : nBGFpcXp/FRhKAiXfuj1SLIljTE= , aA5YkaTWmNi9lmKpCp71EX2i8xA=
SHA256 : 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NM , z3ceDKelQcXnhgn29vAFNkXskiit8BPN
SELinux : system_u:object_r:exports_t:s0 , <NULL>
root@e3639.test audit# echo $?
4
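
Added example (not from the slides): a wrapper that first compares the live config, binary and database with the copies stored out of reach, then runs the check and decodes the exit status shown above (0 = clean, 4 = changed). The bit values 1/2/4 and the 14..19 error range are taken from the aide(1) manual page; AIDE_BIN, AIDE_CONF, AIDE_DB and the function names are names introduced here.

```shell
#!/bin/sh
# Added example, not part of the original slides.
# AIDE_BIN, AIDE_CONF and AIDE_DB are overridable variables introduced
# for this example; the defaults are the paths used in the slides.
AIDE_BIN=${AIDE_BIN:-/usr/sbin/aide}
AIDE_CONF=${AIDE_CONF:-/etc/aide.conf}
AIDE_DB=${AIDE_DB:-/var/lib/aide/aide.db.gz}

# decode_aide_status STATUS
# Print the meaning of an `aide --check` exit status:
#   0      -> clean
#   1..7   -> bitwise OR of 1 (added), 2 (removed), 4 (changed)
#   14..19 -> AIDE itself failed (bad config line, I/O error, ...)
decode_aide_status() {
    status=$1
    case "$status" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ "$status" -eq 0 ]; then
        echo "clean"
    elif [ "$status" -le 7 ]; then
        findings=""
        if [ $((status & 1)) -ne 0 ]; then findings="$findings added"; fi
        if [ $((status & 2)) -ne 0 ]; then findings="$findings removed"; fi
        if [ $((status & 4)) -ne 0 ]; then findings="$findings changed"; fi
        echo "${findings# }"
    elif [ "$status" -ge 14 ] && [ "$status" -le 19 ]; then
        echo "aide-error"
    else
        echo "unknown"
    fi
}

# run_integrity_check TRUSTED_DIR [REPORT_FILE]
# TRUSTED_DIR holds the copies made at initialization time
# (aide.conf, aide, aide.db.new.gz), e.g. on read-only media.
# If any live file differs from its trusted copy, the check result
# cannot be relied on, so report that instead of running the check.
# Assumes the paths contain no ':' character.
run_integrity_check() {
    trusted_dir=$1
    report=${2:-/dev/null}
    for pair in \
        "$AIDE_CONF:aide.conf" \
        "$AIDE_BIN:aide" \
        "$AIDE_DB:aide.db.new.gz"
    do
        live=${pair%%:*}
        ref=$trusted_dir/${pair#*:}
        if ! cmp -s "$live" "$ref"; then
            echo "tampered-baseline: $live"
            return 0
        fi
    done
    rc=0
    "$AIDE_BIN" --check >"$report" 2>&1 || rc=$?
    decode_aide_status "$rc"
}

# Typical cron usage (assumed mount point for the trusted copies):
#   result=$(run_integrity_check /mnt/aide-trusted /var/log/aide-report.txt)
#   [ "$result" = "clean" ] || logger -p auth.alert "AIDE: $result"
```

Anything other than "clean" deserves attention: "aide-error" and "tampered-baseline" mean no valid check took place, which is not the same as a passing one.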
