Applicable to CentOS Versions:
- CentOS 5.x
- CentOS 6.x
Requirements
Before starting you will need:
- Root or appropriate sudo access to the system
- Properly configured yum and internet access
Doing the Work
AIDE (Advanced Intrusion Detection Environment) is installed from the Base repository, configured, and then used to build and check a database of file attributes and checksums. The steps are:
- Install AIDE from the Base repository
- Configuring AIDE
- Database Initialization & Checking
- Updating the Database
- Configuration Lexicon
Install AIDE from the Base repository:

```
yum install aide
```

At the time of writing this we'll be using AIDE version 0.13.1-4.el5 from CentOS Base.
Configuring AIDE:

The configuration file is located in /etc/aide.conf. The purpose of AIDE is to keep track of files on your system to make sure they aren't altered by an intrusion. The database created can be compared to a pristine copy stored offsite in the case of a suspected or confirmed intrusion, for forensic analysis.

IMPORTANT: AIDE does not guard or protect against attack or intrusion; it is a security auditing and forensic tool only.

AIDE should be installed on a "known good" or fresh system and configured as per this howto, with any modifications you need to make to fit your situation or needs. It should then be included as part of a regular security audit process.

Legend: everything in the listing below is the default configuration, except the lines following a "# Suggestion" comment, which are suggested additions.

```
# Example configuration file for AIDE.
@@define DBDIR /var/lib/aide
@@define LOGDIR /var/log/aide

# The location of the database to be read.
database=file:@@{DBDIR}/aide.db.gz

# The location of the database to be written.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:@@{DBDIR}/aide.db.new.gz

# Whether to gzip the output to database
gzip_dbout=yes

# Default.
verbose=5

report_url=file:@@{LOGDIR}/aide.log
report_url=stdout
#report_url=stderr
#NOT IMPLEMENTED report_url=mailto:root@foo.com
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
# Suggestion: also mail the report and send it to syslog
report_url=mailto:you@example.com
report_url=syslog:LOG_AUTH

# You can create custom rules like this.
# With MHASH...
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger

# Everything but access time (Ie. all changes)
EVERYTHING = R+ALLXTRAHASHES

# Sane, with multiple hashes
# NORMAL = R+rmd160+sha256+whirlpool
NORMAL = R+rmd160+sha256

# For directories, don't bother doing hashes
DIR = p+i+n+u+g+acl+selinux+xattrs

# Access control only
PERMS = p+i+u+g+acl+selinux

# Logfile are special, in that they often change
LOG = >

# Just do md5 and sha256 hashes
LSPP = R+sha256

# Some files get updated automatically, so the inode/ctime/mtime change
# but we want to know when the data inside them changes
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger

# Next decide what directories/files you want in the database.
/boot   NORMAL
/bin    NORMAL
/sbin   NORMAL
/lib    NORMAL
/opt    NORMAL
/usr    NORMAL
/root   NORMAL
# These are too volatile
!/usr/src
!/usr/tmp

# Check only permissions, inode, user and group for /etc, but
# cover some important files closely.
/etc    PERMS
!/etc/mtab
# Ignore backup files
!/etc/.*~
/etc/exports  NORMAL
/etc/fstab    NORMAL
/etc/passwd   NORMAL
/etc/group    NORMAL
/etc/gshadow  NORMAL
/etc/shadow   NORMAL
/etc/security/opasswd   NORMAL
/etc/hosts.allow   NORMAL
/etc/hosts.deny    NORMAL
/etc/sudoers NORMAL
/etc/skel NORMAL
/etc/logrotate.d NORMAL
/etc/resolv.conf DATAONLY
/etc/nscd.conf NORMAL
/etc/securetty NORMAL

# Shell/X starting files
/etc/profile NORMAL
/etc/bashrc NORMAL
/etc/bash_completion.d/ NORMAL
/etc/login.defs NORMAL
/etc/zprofile NORMAL
/etc/zshrc NORMAL
/etc/zlogin NORMAL
/etc/zlogout NORMAL
/etc/profile.d/ NORMAL
/etc/X11/ NORMAL

# Pkg manager
/etc/yum.conf NORMAL
/etc/yumex.conf NORMAL
/etc/yumex.profiles.conf NORMAL
/etc/yum/ NORMAL
/etc/yum.repos.d/ NORMAL

/var/log LOG
/var/run/utmp LOG

# This gets new/removes-old filenames daily
!/var/log/sa

# As we are checking it, we've truncated yesterdays size to zero.
!/var/log/aide.log

# LSPP rules...
# AIDE produces an audit record, so this becomes perpetual motion.
# /var/log/audit/ LSPP
/etc/audit/ LSPP
/etc/libaudit.conf LSPP
/usr/sbin/stunnel LSPP
/var/spool/at LSPP
/etc/at.allow LSPP
/etc/at.deny LSPP
/etc/cron.allow LSPP
/etc/cron.deny LSPP
/etc/cron.d/ LSPP
/etc/cron.daily/ LSPP
/etc/cron.hourly/ LSPP
/etc/cron.monthly/ LSPP
/etc/cron.weekly/ LSPP
/etc/crontab LSPP
/var/spool/cron/root LSPP
/etc/login.defs LSPP
/etc/securetty LSPP
/var/log/faillog LSPP
/var/log/lastlog LSPP
/etc/hosts LSPP
/etc/sysconfig LSPP
/etc/inittab LSPP
/etc/grub/ LSPP
/etc/rc.d LSPP
/etc/ld.so.conf LSPP
/etc/localtime LSPP
/etc/sysctl.conf LSPP
/etc/modprobe.conf LSPP
/etc/pam.d LSPP
/etc/security LSPP
/etc/aliases LSPP
/etc/postfix LSPP
/etc/ssh/sshd_config LSPP
/etc/ssh/ssh_config LSPP
/etc/stunnel LSPP
/etc/vsftpd.ftpusers LSPP
/etc/vsftpd LSPP
/etc/issue LSPP
/etc/issue.net LSPP
/etc/cups LSPP

# With AIDE's default verbosity level of 5, these would give lots of
# warnings upon tree traversal. It might change with future version.
#
#=/lost\+found DIR
#=/home DIR

# Ditto /var/log/sa reason...
!/var/log/and-httpd

# Admins dot files constantly change, just check perms
/root/.* PERMS
```
Database Initialization & Checking:

Initialise the database:

```
aide -init
```

or: /usr/sbin/aide -init

Check the system against the database:

```
aide -check
```

or: /usr/sbin/aide -check
Updating the Database:

```
aide -update
```

or: /usr/sbin/aide -update
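The init, check and update steps above as one wrapper script, added here and not taken from the CentOS wiki or the AIDE project. It assumes the DBDIR, database and database_out paths from the configuration earlier, uses the long option spellings --init, --check and --update, and assumes sha256sum is installed; it adds the two steps the bare commands leave implicit: a freshly written aide.db.new.gz has to be moved into place as aide.db.gz before the next check, and the database's fingerprint should be compared with the copy kept offsite before a check result is trusted.

```sh
#!/bin/sh
# Added example, not from the CentOS wiki or the AIDE project. Assumes the
# DBDIR / database / database_out settings from the configuration above and
# that sha256sum is installed.
set -eu

DBDIR="${DBDIR:-/var/lib/aide}"
AIDE="${AIDE:-/usr/sbin/aide}"

# --init and --update write database_out (aide.db.new.gz) while --check reads
# database (aide.db.gz), so a new database must be promoted before it is used.
# The previous database is kept under a timestamped name. Prints the sha256
# of the promoted database: record it, and a copy of the database, offsite.
promote_db() {
    dir="$1"
    [ -f "$dir/aide.db.new.gz" ] || return 1
    if [ -f "$dir/aide.db.gz" ]; then
        cp -p "$dir/aide.db.gz" "$dir/aide.db.$(date +%Y%m%d%H%M%S).gz"
    fi
    mv "$dir/aide.db.new.gz" "$dir/aide.db.gz"
    sha256sum "$dir/aide.db.gz" | cut -d' ' -f1 | tee "$dir/aide.db.gz.sha256"
}

# A check is only as trustworthy as the database it reads: compare the on-host
# database with the fingerprint recorded offsite. Non-zero exit if they differ.
verify_db() {
    dir="$1"
    expected="$2"
    actual="$(sha256sum "$dir/aide.db.gz" | cut -d' ' -f1)"
    [ "$actual" = "$expected" ]
}

case "${1:-}" in
    init)   "$AIDE" --init && promote_db "$DBDIR" ;;
    check)  verify_db "$DBDIR" "$(cat "${2:?path to offsite hash file}")" && "$AIDE" --check ;;
    update) "$AIDE" --update && promote_db "$DBDIR" ;;
    *)      ;;   # sourced or no argument: only define the functions
esac
```

Run it as `init` once on the known-good system, copy the printed hash and the database somewhere the host cannot write to, then schedule `check <hash-file>` from the audit process.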
Configuration Lexicon:

Each rule is built from these check groups (group: what it checks):
- p: permissions
- i: inode
- n: number of links
- u: user
- g: group
- s: size
- b: block count
- m: mtime
- a: atime
- c: ctime
- S: check for growing size
- acl: Access Control Lists
- selinux: SELinux security context
- xattrs: extended file attributes
- md5: md5 checksum
- sha1: sha1 checksum
- sha256: sha256 checksum
- sha512: sha512 checksum
- rmd160: rmd160 checksum
- tiger: tiger checksum
- haval: haval checksum (only if mhash enabled)
- gost: gost checksum (only if mhash enabled)
- crc32: crc32 checksum (only if mhash enabled)
- whirlpool: whirlpool checksum (MHASH only)
- R: p+i+n+u+g+s+m+c+md5
- L: p+i+n+u+g
- E: empty group
- >: growing logfile (p+u+g+i+n+S)

You can easily use the default groups; however, you have the ability to define your own groups if you want to add a few more checks to certain things. You can also do it to make things easier for you to understand, as has been done above.

Finally, the checks are defined. There are a few rules to remember with this list, which allow for a lot of flexibility:
- Directories or files prefixed with ! are ignored (ie. in the above, we completely ignore /usr/src and /usr/local/src)
- Directories prefixed with = are added alone; none of their children are added. However, AIDE will first do a depth-first search.
- Directories and files are always treated as a regular expression; ie. /usr/bin is identical to /usr/bin.
- Suffixing a directory or file with $ restricts the check to that directory or file alone.

Below you'll see the default groups which have been applied to the directories and files outlined in the default configuration. While this is safe to use, you should seriously examine your needs and alter the configuration above to suit them.

Default groups outlined in the configuration above in step 2:

```
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
EVERYTHING = R+ALLXTRAHASHES
NORMAL = R+rmd160+sha256
DIR = p+i+n+u+g+acl+selinux+xattrs
PERMS = p+i+u+g+acl+selinux
LOG = >
LSPP = R+sha256
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
```
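To make the lexicon concrete, here is a small resolver, added for this page and not part of AIDE, that expands group names into their atomic checks and works out which checks a given path would get under the rules quoted above. It runs on a constructed, cut-down copy of the configuration, and its rule precedence (a matching ! line always wins, otherwise the longest matching expression) is a simplifying assumption rather than AIDE's exact algorithm.

```python
import re

BUILTIN_GROUPS = {"R": "p+i+n+u+g+s+m+c+md5", "L": "p+i+n+u+g", "E": "", ">": "p+u+g+i+n+S"}  # AIDE's own shorthands
# Constructed sample: a cut-down copy of the rules and selection lines shown earlier.
SAMPLE_CONF = """
NORMAL = R+rmd160+sha256
DIR = p+i+n+u+g+acl+selinux+xattrs
PERMS = p+i+u+g+acl+selinux
LOG = >
/etc PERMS
!/etc/.*~
/etc/shadow NORMAL
/var/log LOG
!/var/log/aide.log
=/home DIR
"""
GROUP_DEF = re.compile(r"^([A-Za-z]\w*)\s*=\s*(\S*)$")   # NAME = a+b+c
SELECTION = re.compile(r"^([!=]?)(/\S*)(?:\s+(\S+))?$")  # [!|=]/regex [GROUP]

def parse(conf):
    """Return ({group: expression}, [(prefix, regex, group), ...]); '#' starts a comment."""
    groups, rules = dict(BUILTIN_GROUPS), []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := GROUP_DEF.match(line):
            groups[m.group(1)] = m.group(2)
        elif m := SELECTION.match(line):
            rules.append((m.group(1), m.group(2), m.group(3) or ""))
    return groups, rules

def expand(expr, groups):
    """Recursively expand a group expression into its atomic checks (order kept, no dupes)."""
    out = []
    for tok in filter(None, expr.split("+")):
        out += expand(groups[tok], groups) if tok in groups else [tok]
    return list(dict.fromkeys(out))

def resolve(path, groups, rules):
    """Checks applied to `path`, or None if it is ignored or not selected. Expressions are
    regexes anchored at the start of the path; '=' lines must match the whole path. Precedence
    is a simplification (assumption, not AIDE's algorithm): '!' wins, then the longest match."""
    best = None
    for prefix, regex, group in rules:
        hit = re.fullmatch(regex, path) if prefix == "=" else re.match(regex, path)
        if hit and prefix == "!":
            return None
        if hit and (best is None or len(regex) > len(best[0])):
            best = (regex, group)
    return expand(best[1], groups) if best else None
```

Note that /etcetera picks up the /etc PERMS line: that is the regular-expression behaviour the rules above warn about, and the $ suffix is the remedy.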
Troubleshooting / How To Test
Basic troubleshooting steps and what to expect.
- If you cannot install or edit AIDE or /etc/aide.conf then you are not root or do not have proper sudo privileges: use su - (the dash is important) to elevate to root, or use sudo yum install aide or sudo vi /etc/aide.conf to install or edit the necessary files.
- Other problems: if you're having problems that aren't addressed here, make sure to collect basic information such as the output of uname -a and any yum error output, and post it on a pastebin such as fpaste.org (http://fpaste.org) before visiting #centoshelp on Freenode and engaging others.
Disclaimer
We test this stuff on our own machines, really we do. But you may run into problems; if you do, come to #centoshelp on irc.freenode.net.
Last Modified: 22 Apr, 2020 at 16:39:48