Adelaide is a command-line script to automate the checking of important files for unauthorized changes on Linux and UNIX systems.
This program is mainly a shell script and its configuration file.
If you have the Stow package management system then installation is easy:
mkdir -p /usr/local/stow/adelaide
cp -ai bin etc var /usr/local/stow/adelaide
stow -v -d /usr/local/stow adelaide
Stow will create symbolic links in /usr/local to the real files in /usr/local/stow/adelaide. This means that you know which package the files belong to and can add or remove them easily. Stow is a single Perl script that will run on most versions of UNIX or Linux.
If you don't want to use Stow then you can copy the script and its configuration file anywhere, though I would recommend against /usr/ as that will probably interfere with your OS package manager. When you run adelaide you will need to tell it where the config file is, eg:
adelaide --config /opt/adelaide/etc/adelaide.conf
This script will probably need to be run as the root user as there may be areas that only root can read.
A cron job should be used to run this script at the desired times.
adelaide.conf is the configuration file for this script. Important values to check and change before running are:
aide_bin - location of the AIDE program
aide_auto_dir - base directory where you installed adelaide
warning_email_to & db_email_to - where to send the emails
report_lifetime & db_lifetime - how long to keep report and database files
You will also need a working aide.conf, the configuration file for AIDE itself. Some settings will need to match the file locations you entered in the adelaide.conf file, such as:
@@define TOPDIR /usr/local/stow/adelaide
The rest of the file will be a list of files to check and what properties to check them for (eg contents, timestamps, ownership). It may need some tweaking over time to get it checking what you want (eg some hosts may use DHCP and have /etc/resolv.conf changing).
Some example aide.conf files have been included in the examples directory.
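As an added illustration (not one of the files shipped in the examples directory), a small aide.conf covering the points above: TOPDIR, property groups for contents, timestamps and ownership, and an exclusion for a DHCP-managed /etc/resolv.conf. The database file names under TOPDIR, the group names and the list of directories are assumptions; adjust them to match your adelaide.conf and host.

```conf
# Added example aide.conf; paths, group names and file names are assumptions.
@@define TOPDIR /usr/local/stow/adelaide

# Where AIDE reads the baseline database and writes a new one.
# These must agree with the locations configured in adelaide.conf.
# (Newer AIDE releases name the first option database_in.)
database=file:@@{TOPDIR}/var/aide.db
database_out=file:@@{TOPDIR}/var/aide.db.new

# Property groups, built from AIDE's single-letter attributes:
#   p permissions   u owner     g group
#   m mtime         c ctime
#   i inode         n link count   s size
OWNER   = p+u+g
TIMES   = m+c
CONTENT = sha256
FULL    = OWNER+TIMES+CONTENT+i+n+s

# Binaries and libraries: any change at all is worth a report.
/bin       FULL
/sbin      FULL
/usr/bin   FULL
/usr/sbin  FULL
/lib       FULL

# System configuration.
/etc       FULL

# Hosts using DHCP rewrite this file on every lease, so leave it out
# rather than receive a warning email after each renewal.
!/etc/resolv\.conf$

# root's home: check ownership and contents but not timestamps.
/root      OWNER+CONTENT
```

Every path left out with a "!" line is a place where a change will go unreported, so keep such exclusions to the specific files that are known to change on that host.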