Adelaide 1.0.0

Adelaide is a command-line script that automates the checking of important files for unauthorized changes on Linux and UNIX systems, and then emails the system administrator with the details if anything has changed.

Requirements:

AIDE

Installation:

This program is mainly a shell script and its configuration file.

If you have the Stow package management system then installation is easy:

mkdir -p /usr/local/stow/adelaide
cp -ai bin etc var /usr/local/stow/adelaide
stow -v -d /usr/local/stow adelaide


Stow will create symbolic links in /usr/local to the real files in /usr/local/stow/adelaide. This means that you know which package the files belong to and can add or remove them easily. Stow is a single Perl script that will run on most versions of UNIX or Linux.

If you don't want to use Stow then you can copy the script and its configuration file anywhere, though I would recommend against /usr/ as that will probably interfere with your OS package manager. When you run adelaide you will need to tell it where the config file is, e.g.:

adelaide --config /opt/adelaide/etc/adelaide.conf

This script will probably need to be run as the root user as there may be areas that only root can read.

A cron job should be used to run this script at the desired times.

Configuration:

The adelaide.conf is the configuration file for this script. Important values to check and change before running are:

aide_bin - location of the AIDE program
aide_auto_dir - base directory where you installed adelaide
warning_email_to & db_email_to - where to send the emails
report_lifetime & db_lifetime - how long to keep report and database files


You will also need a working aide.conf, the configuration file for AIDE itself. Some settings will need to match the file locations you entered in the adelaide.conf file, such as:

@@define TOPDIR /usr/local/stow/adelaide
database=file://@@{TOPDIR}/var/aide/aide.db
database_out=file://@@{TOPDIR}/var/aide/aide.db.out
database_new=file://@@{TOPDIR}/var/aide/aide.db.new
report_url=stdout
gzip_dbout=no
verbose=20


The rest of the file will be a list of files to check and what properties to check them for (e.g. contents, timestamps, ownership). It may need some tweaking over time to get it checking what you want (e.g. some hosts may use DHCP and have /etc/resolv.conf changing).

Some example aide.conf files have been included in the examples directory.
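
One way to confirm that the database locations in aide.conf resolve under the adelaide base directory, as an added example that is not part of Adelaide or the original page. The function names are hypothetical, and the base directory is passed as an argument because the adelaide.conf syntax is not shown here.

```shell
# Added example, not part of Adelaide; aide.conf layout assumed as in the excerpt above.
# Print "key path" for each database setting, with @@{NAME} macros expanded.
resolve_aide_dbs() {
    awk '
        function expand(s,   name, tok, i) {
            for (name in macro) {
                tok = "@@{" name "}"
                while ((i = index(s, tok)) > 0)
                    s = substr(s, 1, i - 1) macro[name] substr(s, i + length(tok))
            }
            return s
        }
        $1 == "@@define" { macro[$2] = $3; next }
        /^database(_out|_new)?=/ {
            key = $0; sub(/=.*/, "", key)
            val = expand(substr($0, length(key) + 2))
            sub(/^file:\/\//, "", val); print key, val
        }
    ' "$1"
}

# Return 0 only if all three database paths sit under BASE (second argument).
check_aide_paths() {
    base=${2%/}; rc=0; seen=0; dbs=$(resolve_aide_dbs "$1")
    while read -r key path; do
        [ -n "$key" ] || continue
        seen=$((seen + 1))
        case $path in
            */../*)    echo "FAIL $key -> $path (contains ..)"; rc=1 ;;
            "$base"/*) echo "ok   $key -> $path" ;;
            *)         echo "FAIL $key -> $path (outside $base)"; rc=1 ;;
        esac
    done <<EOF
$dbs
EOF
    [ "$seen" -eq 3 ] || { echo "FAIL found $seen of 3 database settings"; rc=1; }
    return "$rc"
}

# Constructed sample: the aide.conf lines quoted above, written to a temp file.
write_sample_conf() {
    printf '%s\n' '@@define TOPDIR /usr/local/stow/adelaide' \
        'database=file://@@{TOPDIR}/var/aide/aide.db' \
        'database_out=file://@@{TOPDIR}/var/aide/aide.db.out' \
        'database_new=file://@@{TOPDIR}/var/aide/aide.db.new' > "$1"
}

sample=$(mktemp) && write_sample_conf "$sample"
check_aide_paths "$sample" /usr/local/stow/adelaide
rm -f "$sample"
```

A non-zero exit means a database path points outside the directory tree that adelaide manages, so reports or baselines would be read from or written to the wrong place.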

last updated on: May 13th, 2008, 9:01 GMT
price: FREE!
homepage: www.cornerstonelinux.co.uk
license type: GPL (GNU General Public License)
developed by: John Edwards
category: ROOT \ Security