Enhance your Linux security and better manage it with aide!


Security has been a hot topic for a long time, not just recently. Particularly in this era of digitalization in Japan, many people constantly have occasion to interact with systems.

I am a Linux server management engineer, and Linux is my favorite OS. Every OS has its drawbacks and advantages, but I like Linux because I find it easy to use.

Even beginners can manage Linux, but on the other hand it is so free that everyone can come up with best practices on their own. Also, since what each person has studied differs, it is impossible for everyone to manage a system in exactly the same way.

In a production (operation) environment, there is a high probability that the system is not run by just one person; it is often managed by multiple engineers. Everyone who manages Linux has their own "best method" and "rules," but the usage and specifications of Linux differ depending on the purpose of the system, the environment, and various other aspects.

In situations like this...

  • "I just need to write the settings somewhere!"
  • "You can never change it!"
  • "Get permission before making changes!"
  • "Who made the change?"
  • and others!

It may seem difficult to manage Linux, but AIDE is a tool that stands out!

What is aide?

In Europe and America there is CIS, which is run by security-related communities and provides benchmark materials for various systems. Best practice benchmarks for OSes and even middleware are provided in detail.

Especially when you manage server OSes, there are a lot of settings across various server types. Therefore, I think that if you refer to the benchmark materials and use them as a baseline for security enhancements that you are not aware of, you will definitely only get positive results.

Some Linux documentation always recommends the use of a tool called AIDE.

AIDE (Advanced Intrusion Detection Environment) is a file tampering detection tool.

It is an important tool especially used by the Pentagon.

The SHA of a file changes whenever the file is edited, so AIDE, run from cron, extracts the SHA of the specified files or of all files under a path, compares it with the value in AIDE's database, and records the result.

example:

[Image: aide-sample-summary]

As shown in the image above, you can check which files have changed.
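The mechanism described above, as an added sketch that is not AIDE's own code and not from the original article: record a SHA-256 for every file under a path, then compare a later snapshot against that record. The function names, the database file names and the sample files are constructed for illustration; AIDE itself also tracks attributes such as permissions, owner and size.

```shell
#!/bin/sh
# Illustration only: a tiny hash-and-compare baseline, not AIDE itself.

# snapshot DIR: print "sha256  path" for every regular file under DIR.
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# compare BASELINE_DB CURRENT_DB: print one line per added/changed/removed file.
compare() {
    awk '
        { path = substr($0, 67) }                     # 64 hex chars + 2 separators
        FILENAME == ARGV[1] { old[path] = $1; next }  # first file is the baseline
        {
            seen[path] = 1
            if (!(path in old)) { print "added   " path }
            else if (old[path] != $1) { print "changed " path }
        }
        END { for (p in old) if (!(p in seen)) print "removed " p }
    ' "$1" "$2" | sort
}

# demo: build a constructed sample tree, take a baseline, alter it, compare.
demo() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        mkdir -p etc/cron.d
        echo "root:x:0:0"          > etc/passwd       # stays the same
        echo "PermitRootLogin no"  > etc/sshd_config  # will be edited
        echo "welcome"             > etc/motd         # will be deleted
        snapshot etc > baseline.db                    # the "database"
        echo "PermitRootLogin yes" > etc/sshd_config
        rm etc/motd
        echo "0 3 * * * root /usr/local/bin/job" > etc/cron.d/job
        snapshot etc > current.db
        compare baseline.db current.db
    )
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```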

Watch using aide!

1. Install aide!

Because AIDE is such a useful, even necessary, tool, it is available in the standard repositories of Linux distributions such as the Debian and RHEL families, so it can be easily installed.

RHEL series

yum install aide

Debian series

apt install aide

Once installed, please check the version!

aide -v

2. Check and edit aide settings.

The AIDE settings are in /etc/aide/aide.conf or /etc/aide.conf.

Default settings are provided during installation, so you can use them as is.

You can also change the configuration file, database, etc. depending on your needs and preferences.

3. Initialize aide

RHEL series

aide --init

Debian series

aideinit

The first time you run it, it will take some time as it records the SHA of all files in the database.

4. Check for tampered files with aide!

RHEL series

aide --check

Debian series

aide.wrapper --check
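The check step above, as an added sketch that is not from the original article or the AIDE project: it runs the check with whichever command is installed and turns the exit status into a one-line result that cron or a monitoring tool can act on. The function names and the 0/1/2 return convention are assumptions of this example; the status values follow the DIAGNOSTICS section of aide(1).

```shell
#!/bin/sh
# aide_result CODE: translate the exit status of an AIDE check into one line.
# Per aide(1), for --check the status is a bitmask:
#   1 = new files, 2 = removed files, 4 = changed files; 14-19 are errors.
# Returns 0 (clean), 1 (differences) or 2 (error); this mapping is this example's own.
aide_result() {
    code=$1
    case "$code" in
        0)  echo "OK no differences from the database"; return 0 ;;
        14) echo "ERROR writing error"; return 2 ;;
        15) echo "ERROR invalid argument"; return 2 ;;
        16) echo "ERROR unimplemented function"; return 2 ;;
        17) echo "ERROR invalid configuration line"; return 2 ;;
        18) echo "ERROR I/O error"; return 2 ;;
        19) echo "ERROR version mismatch"; return 2 ;;
    esac
    if [ "$code" -ge 1 ] && [ "$code" -le 7 ]; then
        kinds=""
        if [ $((code & 1)) -ne 0 ]; then kinds="$kinds new"; fi
        if [ $((code & 2)) -ne 0 ]; then kinds="$kinds removed"; fi
        if [ $((code & 4)) -ne 0 ]; then kinds="$kinds changed"; fi
        echo "CHANGED files:$kinds"
        return 1
    fi
    echo "ERROR unexpected exit status $code"
    return 2
}

# run_check: use the Debian wrapper when it exists, plain aide otherwise.
# Assumption (stock RHEL-family aide.conf): `aide --init` writes
# aide.db.new.gz, which has to be renamed to aide.db.gz before a check
# can read it; a missing database shows up here as an ERROR line.
run_check() {
    if command -v aide.wrapper >/dev/null 2>&1; then
        aide.wrapper --check >/dev/null 2>&1
    else
        aide --check >/dev/null 2>&1
    fi
    aide_result $?
}

# Run the real check only when asked to, e.g. from cron: script.sh --run
if [ "${1:-}" = "--run" ]; then run_check; fi
```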

Manage files using aide results

AIDE shows you which files have changed. If there is a problem, the normal response is to restore the file from a backup; if you cannot take a backup, use "etckeeper" (explained in another blog), which makes it possible to restore files saved in git.

Can you monitor aide and notify me if anything changes?

Settings for e-mail notification are described in /etc/default/aide.

You can also have the monitoring tool notify you if an abnormality is detected.

This will be a monitoring issue, so I will write about it in my next blog!

Well then!

The person who wrote this article

About the author

Khirmer

Kilmer was originally in Japan.
She is currently in Canada. He works as an engineer for Beyond MSP in Canada.

My previous job was servicing large printers, but now I work as an IT engineer related to Linux and the Internet.

Currently, I am happily devoting myself to Node.js development.

When I'm not working, I enjoy spending time with my family, cats, anime, and driving. I also do various things such as photography.