Advanced Intrusion Detection Environment

Advanced Intrusion Detection Environment (AIDE): http://www.cs.tut.fi/~rammer/aide.html. AIDE uses regular expression rules to check file integrity and replaces Tripwire. It constructs a database of the directories specified in its configuration file; the database consists of file attributes.

lulu

Presentation Transcript


  1. Advanced Intrusion Detection Environment AIDE http://www.cs.tut.fi/~rammer/aide.html

  2. AIDE
     • Uses regular expression rules to check file integrity
     • Replaces Tripwire
     • Constructs a database of directories specified in configuration file
     • Database consists of file attributes
     • Creates a cryptographic checksum of each file

  3. Simple Sample AIDE Configuration File

         /oracle p

  4. Creating a New Database

         root@neptune:/usr/local/etc: # aide -i
         AIDE, version 0.10
         ### AIDE database initialized.
         root@neptune:/usr/local/etc: # ls
         aide.conf aide.db.new
         root@neptune:/usr/local/etc: # mv aide.db.new aide.db
         root@neptune:/usr/local/etc: # aide --check
         AIDE, version 0.10
         ### All files match AIDE database. Looks okay!

  5. Altering the File System and Checking Again

         root@neptune:/oracle: # ls -l
         …
         -r--r--r-- 1 root other 143111 Jun 2 10:26 saudimap.gif
         …
         root@neptune:/oracle: # chmod 777 saudimap.gif
         root@neptune:/oracle: # aide --check
         AIDE found differences between database and filesystem!!
         Start timestamp: 2005-06-22 14:00:50
         Summary:
         Total number of files=18,added files=0,removed files=0,changed files=1
         Changed files:
         changed:/oracle/saudimap.gif
         Detailed information about changes:
         File: /oracle/saudimap.gif
         Permissions: -r--r--r--, -rwxrwxrwx
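The initialize-then-check cycle from slides 4 and 5, as an added Python sketch that is not AIDE's own code or part of the original presentation. It records permissions and a checksum for files selected by a regular expression, then replays the slide's `chmod 777`. The function names are hypothetical, SHA-256 is an assumed choice of checksum, the sample file is constructed, and a POSIX filesystem is assumed.

```python
import hashlib, os, re, stat, tempfile

def snapshot(root, rule=r".*"):
    """Record (permission string, SHA-256) for each regular file matching rule."""
    db, pattern = {}, re.compile(rule)
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if not pattern.search(rel) or not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[rel] = (stat.filemode(st.st_mode), digest)
    return db

def compare(old, new):
    """Report added, removed and changed files between two snapshots."""
    changed = {}
    for rel in sorted(set(old) & set(new)):
        diffs = {label: (a, b)
                 for label, a, b in zip(("Permissions", "SHA256"), old[rel], new[rel])
                 if a != b}
        if diffs:
            changed[rel] = diffs
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": changed}

def demo(tamper_content=False):
    """Replay the slide's chmod on a constructed file; optionally edit its bytes too."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "saudimap.gif")
        with open(target, "wb") as fh:
            fh.write(b"GIF89a constructed sample bytes")  # constructed content
        os.chmod(target, 0o444)
        baseline = snapshot(root, r"\.gif$")       # plays the role of "aide -i"
        os.chmod(target, 0o777)
        if tamper_content:
            with open(target, "ab") as fh:
                fh.write(b"!")
        return compare(baseline, snapshot(root, r"\.gif$"))  # "aide --check"

if __name__ == "__main__":
    print(demo())
```

With `tamper_content=True` the report also lists a `SHA256` difference, which a rule that records only permissions, like the `p` in slide 3, would not detect.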
