Tuesday, August 24, 2010

How To Configure The AIDE (Advanced Intrusion Detection Environment) File Integrity Scanner For Your Website

Security

A file integrity scanner is something you need to have.  Imagine a hacker placing a backdoor on your web site, or changing your order form to email him a copy of everyone's credit card while leaving it appearing to function normally.

With daily reporting set up, you are notified within, at most, 24 hours of any file being changed, added, or removed.  It also helps establish an audit trail in the event your site is compromised.

These instructions are designed for an end user to implement without root access, and assume your server has the aide binary installed.  Most hosts will have this installed already, or will install it for you upon request.

 

Step 1: Download A Sample AIDE config file

We will start with a simple one that scans your web root directory for md5 hash changes.

To download the file, SSH into your account and run:

$ wget securehostingdirectory.com/aide.conf

In this file, replace "username" on the first line, and confirm that it is the path to your root directory.

Then on the last line, confirm that public_html is your web root directory.  If your host uses the cPanel control panel, then public_html is your web root.
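
For orientation, here is what a minimal per-user AIDE config of the kind described above can look like. This is an added illustration, not the file served at the URL above; the rule name WebFiles, the aide/ database directory and the excluded cache path are assumptions made for the example. It records sha256 next to md5, since md5 alone can be defeated by a deliberately crafted collision.

```conf
# Constructed example config (not the downloaded aide.conf).
# First line: the account's root directory. Replace "username".
@@define TOPDIR /home/username

# Baseline that "aide --check" reads. Newer AIDE releases prefer the
# name database_in for this option.
database=file:@@{TOPDIR}/aide/aide.db

# Where "aide --init" writes a fresh baseline. It is a separate file on
# purpose: review it, then move it over aide.db by hand.
database_out=file:@@{TOPDIR}/aide/aide.db.new

# Print the report to stdout so a cron job can mail it to you.
report_url=stdout

# Attributes recorded for each file:
#   p permissions, n link count, u owner, g group, s size,
#   m mtime, c ctime, plus md5 and sha256 content hashes.
WebFiles = p+n+u+g+s+m+c+md5+sha256

# Hypothetical exclusion: a directory the site rewrites constantly would
# otherwise fill every daily report with noise. Keep exclusions narrow,
# because anything excluded is also a place a backdoor goes unnoticed.
!@@{TOPDIR}/public_html/cache

# Last line: the web root to scan. Selection lines are regular
# expressions anchored at the start, so this covers everything below it.
@@{TOPDIR}/public_html WebFiles
```

Keep the database directory outside public_html so it cannot be fetched over the web, and remember that anyone who can write to your account can also rewrite the baseline, so keep a copy of aide.db somewhere off the server.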

 

Step 2: Initialize the AIDE database

The command to initialize the AIDE database is:

$ nice -19 aide --init --config
