How to Check Integrity With AIDE in Fedora

AIDE (Advanced Intrusion Detection Environment) is a program for checking the integrity of a file and directory on any modern Unix-like system. It creates a database of files on the system, and then uses that database as a yardstick to ensure file integrity and detect system intrusions.

In this article, we will show how to install and use AIDE to check file and directory integrity in Fedora distribution.

How to Install AIDE in Fedora

1. The AIDE utility is included in Fedora Linux by default, therefore, you can use the default dnf package manager to install it as shown.

$ sudo dnf install aide  

2. After the installation is complete, you need to create the initial AIDE database, which is a snapshot of the system in it’s normal state. This database will act as the yardstick against which all subsequent updates and changes will be measured.

Note that it is important to create the database on a new system before it is brought onto the network. And secondly, the default aide configuration enables checking a set of directories and files defined in the /etc/aide.conf file. You need to edit this file accordingly to configure more files and directories to be watched by aide.

Run the following command to generate the initial database:

$ sudo aide --init
Create AIDE Initial Database
Create AIDE Initial Database

3. To start using the database, remove the .new substring from the initial database file name.

$ sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

4. To further protect the AIDE database, you can change its default location by editing the configuration file and modify the DBDIR value and point it to the new location of the database.

@@define DBDIR  /path/to/secret/db/location

For additional security, store the database configuration file and the /usr/sbin/aide binary file in a secure location such as a read-only media. Importantly, you can in fact increase security by signing the configuration and/or database.

Performing Integrity Checks in Fedora

5. To manually scan the Fedora system, run the following command.

$ sudo aide --check

The output of the above command shows differences between the database and the current state of the filesystem. It shows a summary of entries and detailed information about the changed entries.

Scan Fedora System
Scan Fedora System

6. For effective usage, you should configure AIDE to run as a cron job, to perform scheduled scans, either weekly (at the minimum) or daily (at the maximum).

For example, to schedule a scan at midnight everyday, add the following cron entry in the file /etc/crontab.

00  00  *  *  *  root  /usr/sbin/aide --check

Updating an AIDE Database

7. After confirming the changes of your system such as, package updates or configuration files modifications, update your baseline AIDE database with the following command.

$ sudo aide --update

The aide --update command creates a new database file /var/lib/aide/aide.db.new.gz. To start using it for future scans, you need to rename it as shown before (remove the .new substring from the file name).

For additional information on AIDE you can check its man page.

$ man aide

For other Linux distributions, you can check out: How to Check Integrity of File and Directory Using “AIDE” in Linux.

AIDE is a powerful utility for checking integrity of files and directories on Unix-like operating systems such as Linux. In this article, we showed how to install and use AIDE in Fedora Linux. Do you have any question(s) or comments concerning AIDE, if yes, then use the feedback form to reach us.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.