How does AIDE help you detect intrusions?
AIDE (Advanced Intrusion Detection Environment) is a program that scans all of your files and builds a database with the signature of each file. AIDE then compares that reference database against the actual file system and tells you if anything has changed.
Installation
yum install aide
Initialization and Update
Initialize the database (the first run creates it; --update only works once a database already exists):
aide --init
Move the newly created DB into place so AIDE uses it as the reference:
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
You can create a script that updates the DB and switches to the new one:
nano /root/aide-update.sh
#!/bin/bash
# Re-scan the file system and write a fresh database (aide.db.new.gz)
aide --update
# Replace the reference database with the new one
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
chmod +x /root/aide-update.sh
Automation
Add a cron entry that will perform a check every 24 h (aide is a binary, so it is called directly, not through bash):
crontab -e
@daily /usr/sbin/aide --check
Reporting
A little script to get the result back by email:
#!/bin/bash
nice -n 19 /usr/sbin/aide --check 2>&1 | mail -r "AIDE Report <[email protected]>" -s "Advanced Intrusion Detection Environment Report" [email protected]
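A cron-friendly wrapper, added here as an example and not part of the original post, that keeps each report on disk and mails only when AIDE's exit status reports a difference (or an AIDE error), instead of mailing an unchanged report every day. The report directory /var/log/aide and the recipient address are assumptions to adapt.

```bash
#!/bin/bash
# Added example: AIDE check wrapper for cron. Assumes aide at /usr/sbin/aide
# and a working mail(1). REPORT_DIR and MAIL_TO are placeholders (assumptions).

AIDE=/usr/sbin/aide
REPORT_DIR=/var/log/aide            # assumption: where full reports are kept
MAIL_TO="root@localhost"            # placeholder recipient

# Translate AIDE's exit status into words. Per aide(1), bits 1/2/4 of the
# status mean new / removed / changed files; 14 and above signal an AIDE error.
aide_exit_summary() {
    local rc=$1 out=""
    if [ "$rc" -eq 0 ]; then
        echo "no changes"; return 0
    fi
    if [ "$rc" -ge 14 ]; then
        echo "aide error (exit $rc)"; return 0
    fi
    [ $((rc & 1)) -ne 0 ] && out="${out}new files, "
    [ $((rc & 2)) -ne 0 ] && out="${out}removed files, "
    [ $((rc & 4)) -ne 0 ] && out="${out}changed files, "
    echo "${out%, }"
}

# Run the check at low priority, keep the full report on disk, and mail it
# only when the baseline differs from the file system or AIDE itself failed.
run_aide_check() {
    local report rc
    mkdir -p "$REPORT_DIR"
    report="$REPORT_DIR/aide-$(date +%F).log"
    nice -n 19 "$AIDE" --check >"$report" 2>&1
    rc=$?
    if [ "$rc" -ne 0 ]; then
        mail -s "AIDE: $(aide_exit_summary "$rc") on $(hostname)" "$MAIL_TO" <"$report"
    fi
    return "$rc"
}

# Cron entry: @daily /root/aide-check.sh run
case "${1:-}" in
    run) run_aide_check ;;
esac
```

Update the database with the earlier aide-update.sh only after a reported change has been reviewed and judged legitimate, otherwise an attacker's modification becomes the new baseline.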
Sources
https://www.tecmint.com/check-integrity-of-file-and-directory-using-aide-in-linux/
http://aide.sourceforge.net/
https://wiki.archlinux.org/index.php/AIDE
Feel free to correct me if you see any typo or if something seems wrong to you.
You can send me an email or comment below.
Picture: Maarten van den Heuvel