1 min read

How AIDE help you to detect intrusion ?

How AIDE help you to detect intrusion ?

AIDE (Advanced Intrusion Detection Environment) is a program that'll scan all of your file and built a database with the signature of each file. Then AIDE will compare the reference with the actual file system, and tell you if any change occurs.


yum install aide

Initialization and Update

Initialize the database :

aide --update

Move the DB to use it :

mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

You can create a script that update the DB and use the new :

nano /root/aide-update.sh
aide --update
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
chmod +x aide-update.sh


Add cron that will perform a check every 24h:

crontab -e
@daily bash /usr/sbin/aide --check


A little script to get back the result by email :


nice -n 19 /usr/sbin/aide --check 2>&1 | mail -r "AIDE Report <[email protected]>" -s "Advanced Intrusion Detection Environment Report" [email protected]


Feel free to correct me if you see any typo or if something seems wrong to you.
You can send me an email or comment below.

Picture : Maarten van den Heuvel