SOURCES/README.quickstart

1) Customize /etc/aide.conf to your liking. In particular, add
   important directories and files which you would like to be
   covered by integrity checks. Avoid files which are expected
   to change frequently or which don't affect the safety of your
   system.

2) Run "/usr/sbin/aide --init" to build the initial database.
   With the default setup, that creates /var/lib/aide/aide.db.new.gz

3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
   in a secure location, e.g. on separate read-only media (such as
   CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
   of those files in a secure location, so you have means to verify
   that nobody modified those files.

4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
   which is the location of the input database.

5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
   compared with the AIDE database. Prior to running a check manually,
   ensure that the AIDE binary and database have not been modified
   without your knowledge.

   Caution!

   With the default setup, an AIDE check is not run periodically as a
   cron job. It cannot be guaranteed that the AIDE binaries, config
   file and database are intact. It is not recommended that you run
   automated AIDE checks without verifying AIDE yourself frequently.
   In addition to that, AIDE does not implement any password or
   encryption protection for its own files.

   It is up to you how to put a file integrity checker to good effect
   and how to set up automated checks if you think it adds a level of
   safety (e.g. detecting failed/incomplete compromises or unauthorized
   modification of special files). On a compromised system, the
   intruder could disable the automated check. Or he could replace the
   AIDE binary, config file and database easily when they are not
   located on read-only media.
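An added example (not part of the original README or the AIDE package) of the
fingerprint approach from step 3 and the pre-check verification from step 5.
The function names and the manifest file are hypothetical; SHA-256 from GNU
coreutils sha256sum is used in place of the MD5 fingerprints the README
mentions.

```shell
#!/bin/sh
# Added example: fingerprint the files AIDE itself depends on and refuse
# to run a check when any of them has changed.
# Assumes GNU coreutils sha256sum; function names are hypothetical.

# record_fingerprints MANIFEST FILE...
# Writes one "hash  path" line per file. Run it after step 4, e.g. over
# /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.gz, and keep
# MANIFEST somewhere the monitored host cannot write to (read-only media).
record_fingerprints() {
    manifest=$1
    shift
    sha256sum -- "$@" > "$manifest"
}

# verify_fingerprints MANIFEST
# Returns 0 only if every listed file exists and still matches its hash.
# A missing file, a changed file or an empty manifest returns non-zero.
# Mismatches are reported on stderr.
verify_fingerprints() {
    sha256sum --check --quiet "$1" >&2
}

# guarded_check MANIFEST [AIDE_BINARY]
# Step 5 with the verification in front: returns 2 without running AIDE
# when the binary, config file or database no longer match MANIFEST,
# otherwise returns the exit status of "aide --check".
guarded_check() {
    aide_bin=${2:-/usr/sbin/aide}
    if ! verify_fingerprints "$1"; then
        echo "AIDE files do not match $1; not running check" >&2
        return 2
    fi
    "$aide_bin" --check
}
```

The manifest is only as trustworthy as its storage: if it lives on the same
writable disk as the files it covers, an intruder can rewrite both.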