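Install and Configure AIDE on Ubuntu 20.04

In this tutorial, you will learn how to install and configure AIDE on Ubuntu 20.04. AIDE stands for Advanced Intrusion Detection Environment.

AIDE is an intrusion detection system that detects changes to files on the local system. It builds a database from the regular expression rules found in its configuration file. Once this database is initialized, it can be used to verify the integrity of files. It supports several message digest algorithms (md5, sha1, rmd160, tiger, haval, etc.) for checking file integrity, and more algorithms can be added with relative ease. All the usual file attributes can also be checked for inconsistencies. Some of the file attributes that AIDE can check include file permissions, inode, modification time, file contents, user, group, file size…

Install and Configure AIDE on Ubuntu 20.04

Run System Update

Before you start installing and configuring AIDE on Ubuntu 20.04, update and upgrade your system packages: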

sudo apt update
sudo apt upgrade

Install AIDE on Ubuntu 20.04

AIDE is available in the default Ubuntu repositories.

apt-cache policy aide
aide:
  Installed: (none)
  Candidate: 0.16.1-1build2
  Version table:
     0.16.1-1build2 500
        500 http://ke.archive.ubuntu.com/ubuntu focal/main amd64 Packages

Therefore, you can install it by simply running the command below:

sudo apt install aide

Configure AIDE on Ubuntu 20.04

AIDE is now installed.

You can check the installed version and the options AIDE was compiled with by running the command below.

aide -v
Aide 0.16.1

Compiled with the following options:

WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_MHASH
WITH_AUDIT
CONFIG_FILE = "/dev/null"

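The general configuration file for AIDE is /etc/default/aide. Rules and configuration are located in /etc/aide/, and the AIDE database is located in /var/lib/aide/.

Initialize the AIDE Database on Ubuntu 20.04

Before you can proceed with configuring AIDE, a new AIDE database must be created. This can be done using the aideinit script. aideinit creates a new baseline database, /var/lib/aide/aide.db.new.

Note, however, that creating a new AIDE database can take a few minutes.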

sudo aideinit
...
Start timestamp: 2020-08-17 21:16:09 +0300 (AIDE 0.16.1)
AIDE initialized database at /var/lib/aide/aide.db.new
Verbose level: 6

Number of entries:	394993

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new


End timestamp: 2020-08-17 21:32:02 +0300 (run time: 6m 53s)

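As you can see, a new baseline AIDE database, /var/lib/aide/aide.db.new, has been created.

Install the New AIDE Database

To install the newly created AIDE database, copy it into place as follows: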

cp /var/lib/aide/aide.db{.new,}

Rebuild the AIDE Configuration

To update the AIDE runtime configuration, /etc/aide/aide.conf, run the command below:

update-aide.conf

The command generates a new configuration file, /var/lib/aide/aide.conf.autogenerated. Copy the new configuration file to the default AIDE configs directory, overwriting the existing one:

cp /var/lib/aide/aide.conf.autogenerated /etc/aide/aide.conf

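Check the AIDE Database for Any Inconsistencies

After generating the new configuration, run a manual database check against it with the command below: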

aide -c /etc/aide/aide.conf -C

The command checks for deviations between the AIDE database and the filesystem. See the sample output below:

...
Start timestamp: 2020-08-17 22:58:29 +0300 (AIDE 0.16.1)
AIDE found differences between database and filesystem!!
Verbose level: 6

Summary:
  Total number of entries:	395004
  Added entries:		8
  Removed entries:		0
  Changed entries:		13

---------------------------------------------------
Added entries:
---------------------------------------------------

d++++++++++++++++: /run/motd.d
d++++++++++++++++: /run/motd.d/fwupd
f++++++++++++++++: /run/motd.d/fwupd/85-fwupd
d++++++++++++++++: /run/systemd/dynamic-uid
l++++++++++++++++: /run/systemd/units/invocation:fwupd.service
d++++++++++++++++: /tmp/systemd-private-a6c413acea194aa1bd41d2936e4d4ea6-fwupd.service-Xwi4Fh
d++++++++++++++++: /tmp/systemd-private-a6c413acea194aa1bd41d2936e4d4ea6-fwupd.service-Xwi4Fh/tmp
f++++++++++++++++: /var/lib/aide/aide.db

---------------------------------------------------
Changed entries:
---------------------------------------------------

f >b... mc..C.. .: /etc/aide/aide.conf
d   ...    n ..  : /run
d >.... mc.n ..  : /run/systemd
f =.... mci....  : /run/systemd/resolve/stub-resolv.conf
f =.... mc.....  : /run/systemd/timesync/synchronized
d >.... mc.. ..  : /run/systemd/units
d =.... mc.. .. .: /var/cache/fwupd
f >b... mci.C.. .: /var/cache/fwupd/metadata.xmlb
d =.... mc.. .. .: /var/cache/private/fwupdmgr/fwupd
f >b... mci.C.. .: /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz
f =.... mci.C.. .: /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz.asc
f =.... mc..C.. .: /var/log/journal/088f282d218f4067987670b09ad3319e/system.journal
d   ...   .n .. .: /var/tmp

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------

File: /etc/aide/aide.conf
  Size     : 6598                             | 57485
  Bcount   : 16                               | 120
  Mtime    : 2016-04-16 20:57:29 +0300        | 2020-08-17 22:58:04 +0300
  Ctime    : 2020-08-17 22:32:14 +0300        | 2020-08-17 22:58:04 +0300

Directory: /run
  Linkcount: 30                               | 31

Directory: /run/systemd
  Size     : 500                              | 520
  Mtime    : 2020-08-17 21:15:49 +0300        | 2020-08-17 22:49:28 +0300
  Ctime    : 2020-08-17 21:15:49 +0300        | 2020-08-17 22:49:28 +0300
  Linkcount: 23                               | 24

File: /run/systemd/resolve/stub-resolv.conf
  Mtime    : 2020-08-17 22:38:02 +0300        | 2020-08-17 22:57:59 +0300
  Ctime    : 2020-08-17 22:38:02 +0300        | 2020-08-17 22:57:59 +0300
  Inode    : 659                              | 640

File: /run/systemd/timesync/synchronized
  Mtime    : 2020-08-17 22:16:12 +0300        | 2020-08-17 22:50:20 +0300
  Ctime    : 2020-08-17 22:16:12 +0300        | 2020-08-17 22:50:20 +0300

Directory: /run/systemd/units
  Size     : 1420                             | 1440
  Mtime    : 2020-08-17 22:37:42 +0300        | 2020-08-17 22:49:37 +0300
  Ctime    : 2020-08-17 22:37:42 +0300        | 2020-08-17 22:49:37 +0300

Directory: /var/cache/fwupd
  Mtime    : 2020-08-09 16:13:39 +0300        | 2020-08-17 22:49:36 +0300
  Ctime    : 2020-08-09 16:13:39 +0300        | 2020-08-17 22:49:36 +0300

File: /var/cache/fwupd/metadata.xmlb
  Size     : 1879141                          | 1887049
  Bcount   : 3672                             | 3688
  Mtime    : 2020-08-09 16:13:39 +0300        | 2020-08-17 22:49:36 +0300
  Ctime    : 2020-08-09 16:13:39 +0300        | 2020-08-17 22:49:36 +0300
  Inode    : 1181994                          | 1181386

Directory: /var/cache/private/fwupdmgr/fwupd
  Mtime    : 2020-08-09 16:13:38 +0300        | 2020-08-17 22:49:35 +0300
  Ctime    : 2020-08-09 16:13:38 +0300        | 2020-08-17 22:49:35 +0300

File: /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz
  Size     : 424119                           | 426248
  Bcount   : 832                              | 840
  Mtime    : 2020-08-09 16:13:38 +0300        | 2020-08-17 22:49:35 +0300
  Ctime    : 2020-08-09 16:13:38 +0300        | 2020-08-17 22:49:35 +0300
  Inode    : 1181212                          | 1180811

File: /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz.asc
  Mtime    : 2020-08-09 16:13:38 +0300        | 2020-08-17 22:49:35 +0300
  Ctime    : 2020-08-09 16:13:38 +0300        | 2020-08-17 22:49:35 +0300
  Inode    : 1181386                          | 1181212

File: /var/log/journal/088f282d218f4067987670b09ad3319e/system.journal
  Mtime    : 2020-08-17 22:49:37 +0300        | 2020-08-17 23:08:00 +0300
  Ctime    : 2020-08-17 22:49:37 +0300        | 2020-08-17 23:08:00 +0300

Directory: /var/tmp
  Linkcount: 5                                | 6


---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db


End timestamp: 2020-08-17 23:14:03 +0300 (run time: 15m 34s)

From the output above, AIDE found a number of filesystem changes. Go through the report.
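The flag column in the "Changed entries" lines of the report is positional. As an added example (not part of the original tutorial), the script below decodes it using the YlZbpugamcinCAXSE layout described for summarize_changes in aide.conf(5), then lists changed entries outside noisy paths whose content, permissions or ownership differ. The function names and the VOLATILE prefix list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial). Decodes the 17-character
# change string of AIDE 0.16 "Changed entries" lines, laid out as
# YlZbpugamcinCAXSE per the summarize_changes description in aide.conf(5).

# Attribute behind each position after the leading file-type character.
ATTRS="linkname size bcount perms uid gid atime mtime ctime inode linkcount checksum acl xattrs selinux e2fsattrs"
# Assumption: prefixes treated as noisy; align with your own "!" exclusions.
VOLATILE='^/(run|tmp|var/tmp|var/cache|var/log)(/|$)'

AIDE_AWK='
function decode(flags,    i, ch, out) {
  for (i = 1; i <= n; i++) {
    ch = substr(flags, i + 1, 1)
    # " " = not checked, "." = unchanged, "=" = same size, ":" = ignored
    if (ch == "" || index(" .=:", ch)) continue
    out = out (out == "" ? "" : ",") name[i]
  }
  return out
}
BEGIN { n = split(names, name, " ") }
'

# decode_flags FLAGS: print the attributes that differ, comma-separated.
decode_flags() {
  printf '%s\n' "$1" | awk -v names="$ATTRS" "$AIDE_AWK"'{ print decode($0) }'
}

# triage_report < REPORT: print "path<TAB>attributes" for changed entries
# outside VOLATILE whose content, permissions or ownership differ.
triage_report() {
  awk -v names="$ATTRS" -v volatile="$VOLATILE" "$AIDE_AWK"'
    /^[fdlcbpsDP!?]/ && substr($0, 18, 2) == ": " && substr($0, 2, 1) !~ /[+-]/ {
      path = substr($0, 20)
      if (path ~ volatile) next
      attrs = decode(substr($0, 1, 17))
      if (("," attrs ",") ~ /,(checksum|perms|uid|gid),/) printf "%s\t%s\n", path, attrs
    }'
}

# Constructed sample: entry lines copied from the report shown above.
sample_report() {
  cat <<'EOF'
f++++++++++++++++: /var/lib/aide/aide.db
f >b... mc..C.. .: /etc/aide/aide.conf
d   ...    n ..  : /run
f =.... mci....  : /run/systemd/resolve/stub-resolv.conf
f >b... mci.C.. .: /var/cache/fwupd/metadata.xmlb
d   ...   .n .. .: /var/tmp
EOF
}

sample_report | triage_report
```

On a real report, pipe the saved output of the check into triage_report instead of sample_report.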

Test AIDE on Ubuntu 20.04

You can now create new files, edit some files or even delete some, then re-run the AIDE check to see how AIDE detects all these changes.

echo "1.2.3.4 test.kifarunix-demo.com" >> /etc/hosts
touch /etc/newfile
rm -rf /etc/issue

Once all the changes are made, re-run the AIDE database check against the filesystem.

aide -c /etc/aide/aide.conf -C

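Limit AIDE Integrity Checks to Specific Files/Directories

To limit the integrity check to specific entries, for example /etc, pass the --limit REGEX option to the AIDE check command, where REGEX is the entry to check.

For example, to check and update the database entries matching /etc, you would run the aide command as follows: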

aide -c /etc/aide/aide.conf --limit /etc --check

To exclude certain directories, edit the configuration file, /etc/aide/aide.conf, and add the directories to ignore at the end of the file in the format:

!/home/
!/var/lib/
!/proc

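Use a Custom AIDE Configuration

You can also create your own configuration and define what needs to be checked and what does not. See the sample configuration below: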

mkdir /home/koromicha/aide
vim /home/koromicha/aide/aide.conf
# Path for creating the databases
database=file:/home/koromicha/aide/aide.db
database_out=file:/home/koromicha/aide/aide.db.new
database_new=file:/home/koromicha/aide/aide.db.new

# Set your own AIDE rule.
MYRULE=p+n+u+g+s+m+c+xattrs+md5+sha512

# Directories/files to be monitored and rule to apply
#/etc MYRULE
#/bin MYRULE
#/usr/bin MYRULE
/home MYRULE

# Directories to ignore
!/proc

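Basically, the rule set above checks permissions (p), number of links (n), user (u), group (g), size (s), modification time (m), inode/file change time (c), extended file attributes (xattrs), MD5 checksum and SHA512 checksum.

Initialize the database using the new configuration: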

sudo aide -c /home/koromicha/aide/aide.conf -i

Copy the database into place:

cp /home/koromicha/aide/aide.db{.new,}

Verify the configuration file for errors by running the command below:

aide -c /home/koromicha/aide/aide.conf --config-check

Check the command exit status.

echo $?

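AIDE Diagnostics

According to the AIDE man page, the exit status of AIDE is normally 0 if no errors occurred. The exception is when the --check, --compare or --update command was requested, in which case the exit status is defined as: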

   1 * (new files detected?)     +

   2 * (removed files detected?) +

   4 * (changed files detected?)

   Since  those three cases can occur together, the respective error codes are added. For example, if there are new files and removed files detected, the exit status will be 1 + 2 = 3.

   Additionally, the following exit codes are defined for generic error conditions:

   14 Error writing error

   15 Invalid argument error

   16 Unimplemented function error

   17 Invalid configureline error

   18 IO error

   19 Version mismatch error
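As an added example (not part of the original tutorial or the AIDE project), the functions below turn that exit status into a verdict, so that a script or custom cron job can tell a clean run from detected differences and from a check that failed to run at all. The function names and the AIDE_BIN override are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original tutorial): classify the exit status of
# "aide --check" using the values quoted above from the AIDE man page.

# aide_status CODE: print a verdict; return 0 = clean, 1 = differences, 2 = error.
aide_status() {
  code=$1
  case $code in
    0) echo "clean"; return 0 ;;
    [1-7])
      # 1, 2 and 4 are added together, so test each bit separately.
      what=""
      [ $((code & 1)) -ne 0 ] && what="${what}added "
      [ $((code & 2)) -ne 0 ] && what="${what}removed "
      [ $((code & 4)) -ne 0 ] && what="${what}changed "
      echo "differences: ${what% }"; return 1 ;;
    14) err="error writing" ;;
    15) err="invalid argument" ;;
    16) err="unimplemented function" ;;
    17) err="invalid config line" ;;
    18) err="IO error" ;;
    19) err="version mismatch" ;;
    *)  err="unexpected status" ;;
  esac
  # An error means the integrity check did not complete; never read it as clean.
  echo "error $code: $err"; return 2
}

# run_check CONFIG REPORT: run the check, keep the report, print the verdict.
# AIDE_BIN is a hypothetical override for the aide binary, used for testing.
run_check() {
  rc=0
  "${AIDE_BIN:-aide}" -c "$1" --check >"$2" 2>&1 || rc=$?
  aide_status "$rc"
}

# Usage (illustrative paths): run_check /etc/aide/aide.conf /var/log/aide-check.log
```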

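NOTE: Whenever you make any changes to the AIDE configuration, remember to initialize the database to create a baseline.

Make some changes, such as creating new directories and files: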

rm -rf /home/koromicha/aide/aide.db.new
mkdir /home/koromicha/test-dir
touch /home/koromicha/test-file

You can then run AIDE against the custom configuration.

aide -c /home/koromicha/aide/aide.conf -C
Start timestamp: 2020-08-18 08:35:18 +0300 (AIDE 0.16.1)
AIDE found differences between database and filesystem!!

Summary:
  Total number of entries:	59
  Added entries:		4
  Removed entries:		2
  Changed entries:		2

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /home/koromicha/aide/aide.conf
f++++++++++++++++: /home/koromicha/aide/aide.db
d++++++++++++++++: /home/koromicha/test-dir
f++++++++++++++++: /home/koromicha/test-file

---------------------------------------------------
Removed entries:
---------------------------------------------------

f----------------: /home/koromicha/aide/aide.db.new
f----------------: /home/koromicha/aide.conf

---------------------------------------------------
Changed entries:
---------------------------------------------------

d = ... mc n  .  : /home/koromicha
d = ... mc .  .  : /home/koromicha/aide

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------

Directory: /home/koromicha
  Mtime    : 2020-08-18 08:26:21 +0300        | 2020-08-18 08:31:31 +0300
  Ctime    : 2020-08-18 08:26:21 +0300        | 2020-08-18 08:31:31 +0300
  Linkcount: 9                                | 10

Directory: /home/koromicha/aide
  Mtime    : 2020-08-18 08:27:52 +0300        | 2020-08-18 08:31:14 +0300
  Ctime    : 2020-08-18 08:27:52 +0300        | 2020-08-18 08:31:14 +0300


---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/home/koromicha/aide/aide.db


End timestamp: 2020-08-18 08:35:19 +0300 (run time: 0m 1s)

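Send AIDE Reports via Mail

To send AIDE reports via mail, edit the file /etc/default/aide and set the value of the MAILTO directive to your email ID, as shown below. The default recipient is root.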

vim /etc/default/aide
...
#MAILTO=root
MAILTO=<your-email-address>

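Email delivery works only if you have configured an MTA for mail transfer. Follow the links below to learn how to configure Postfix to use Gmail SMTP as a relay:

Configure Postfix to Use Gmail SMTP on Ubuntu 20.04

Configure Postfix to Use Gmail SMTP on Ubuntu 18.04

Run AIDE Daily Reports

By default, AIDE sets up a daily execution script, /etc/cron.daily/aide, after installation. The output of the check is mailed to the recipient specified in the MAILTO= directive in the /etc/default/aide configuration file, as described above.

You can also create your own custom cron job for the AIDE check.

That marks the end of this tutorial on how to install and configure AIDE on Ubuntu 20.04.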

Reference

man aide

man aide.conf

AIDE
