AIDE, the Advanced Intrusion Detection Environment, is a file integrity checking tool. AIDE builds a database of the files you specify, and it reads aide.conf as its configuration file.
The database AIDE generates stores a number of attributes for each file, including: permissions, inode number, owning user, owning group, file size, last modification time (mtime), creation time (ctime), last access time (atime), growing size and number of links. AIDE can also use the md5, sha1, rmd160 and tiger algorithms to compute a checksum or hash for each file. Once a system has been compromised, everything on it is exposed to the attacker; if the attacker hides their traces well, the intrusion is very hard to discover, and the longer they stay the more useful information they will find. The administrator should therefore use AIDE to build the database for a freshly installed system before it is connected to a network. This database is a snapshot of the system, and later checks and system upgrades are compared against it. It should at least cover critical system binaries, dynamic link libraries, header files and other files that are never expected to change. (You can also adopt alternative strategies for particular paths: for the many terminal devices under /dev, for example, check only permissions, so that the checks are not flooded with alarms.) Once the system has been compromised, the administrator can inspect it with ls, lsof, ps, netstat, last, who and other system tools, but every one of these may have been replaced by a rootkit. A modified ls or ps may hide all trace of the intruder's files and processes, or may even be a backdoor in its own right. Nor can an administrator rely on simple file properties to learn whether a file has been modified, since date, size and similar information are trivial to change, for instance with touch.
The system administrator therefore needs to install intrusion detection tools to improve information security. AIDE, the Advanced Intrusion Detection Environment, is a file integrity checking tool, a type of intrusion detection program. With AIDE, the system's important files and their attributes, such as permissions, inode number, user, group and number of links, together with a cryptographic checksum of each file, are recorded in a database.
Second, the AIDE workflow. The AIDE workflow consists of the following steps:
(1) configure aide.conf;
(2) build the database file on the basis of aide.conf;
(3) run the file audit to confirm the integrity of the file system and detect any exceptions;
(4) report the exceptions;
(5) check whether the exceptions are legitimate;
(6) reset aide.conf and update the database file, or take remedial security measures.
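To show how the snapshot and audit steps fit together, here is an added example, a small Python model of the workflow and not AIDE's own code: it records the attributes listed above for each file under a selection rule, checks only permissions for a directory standing in for /dev, and demonstrates why a forged mtime does not defeat the hash. The directory names, file contents and the trojan/touch scenario are all constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

FULL = ("perm", "inode", "nlink", "uid", "gid", "size", "mtime", "ctime", "sha1")  # aide.conf p i n u g s m c + hash
PERMS_ONLY = ("perm", "uid", "gid")  # e.g. for /dev, where only permission changes matter

def snapshot(path, attrs):
    """Record the selected attributes of one file, as AIDE stores them in its database."""
    st = os.lstat(path)
    record = {"perm": stat.S_IMODE(st.st_mode), "inode": st.st_ino, "nlink": st.st_nlink,
              "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size,
              "mtime": st.st_mtime_ns, "ctime": st.st_ctime_ns}
    if "sha1" in attrs and stat.S_ISREG(st.st_mode):
        record["sha1"] = hashlib.sha1(Path(path).read_bytes()).hexdigest()
    return {k: record[k] for k in attrs if k in record}

def build_db(rules):
    """rules: list of (directory, attrs) pairs, like the selection lines in aide.conf."""
    db = {}
    for top, attrs in rules:
        for root, _dirs, files in os.walk(top):
            for name in files:
                db[os.path.join(root, name)] = snapshot(os.path.join(root, name), attrs)
    return db

def check(db, rules):
    """Re-snapshot and report changed, added and removed files (the audit step)."""
    now = build_db(rules)
    changed = {p: [k for k in db[p] if db[p][k] != now[p].get(k)]
               for p in db if p in now and db[p] != now[p]}
    return {"changed": changed, "added": sorted(set(now) - set(db)),
            "removed": sorted(set(db) - set(now))}

def demo():
    # Constructed sandbox: a fake /bin under the full rule, a fake /dev under PERMS_ONLY.
    root = tempfile.mkdtemp()
    ls, tty = Path(root, "bin", "ls"), Path(root, "dev", "tty0")
    for p, data in ((ls, b"#!/bin/sh\necho original\n"), (tty, b"")):
        p.parent.mkdir()
        p.write_bytes(data)
    rules = [(ls.parent, FULL), (tty.parent, PERMS_ONLY)]
    db = build_db(rules)
    # Replace ls with a same-size trojan, then forge its mtime back (what touch does).
    ls.write_bytes(b"#!/bin/sh\necho backdoor\n")
    os.utime(ls, ns=(db[str(ls)]["mtime"], db[str(ls)]["mtime"]))
    os.utime(tty, ns=(1, 1))  # touching a device entry must not raise an alarm
    return check(db, rules), str(ls), str(tty)
```

The audit flags the replaced ls on its sha1 (and usually its ctime) even though size and mtime look untouched, while the touched device entry stays silent because its rule only covers permissions and ownership.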