Linux Today: Linux News On Internet Time.

Weekend Project: Intrusion Detection on Linux with AIDE

Dec 04, 2010, 07:02 (0 Talkback[s])
(Other stories by Nathan Willis)

" Front-line measures like firewalling, strong authentication, and staying on top of security updates are mandatory steps to keeping your system secure. But you also need to check your system's health frequently and make sure a compromise didn't slip past you unnoticed. A good place to start is with an intrusion detection system (IDS) that monitors your machine's resources and flags any changes that might indicate an intruder or a rootkit. The Advanced Intrusion Detection Environment (AIDE) is an open source IDS that you can set up in a weekend.

"Before we get started, though, it's vital to understand how an IDS like AIDE functions. AIDE is a host-based IDS, which basically means that it scans the filesystem and logs the attributes of important files, directories, and devices. Each time it runs, it compares its findings against the previous, "known good" data, and alerts you if something has changes. But the downside is that if your system is already compromised before you install and run AIDE initially, you won't be able to detect it."

Complete Story

Related Stories: