Advanced intrusion detection environment

Advanced Intrusion Detection Environment

AIDE

http://www.cs.tut.fi/~rammer/aide.html


AIDE

  • Uses regular expression rules to check file integrity

  • Replaces Tripwire

  • Constructs a database of directories specified in configuration file

  • Database consists of file attributes

  • Creates a cryptographic checksum of each file


Simple Sample AIDE Configuration File

/oracle p


Creating a New Database

[email protected]:/usr/local/etc: # aide -i

AIDE, version 0.10

### AIDE database initialized.

[email protected]:/usr/local/etc: # ls

aide.conf aide.db.new

[email protected]:/usr/local/etc: # mv aide.db.new aide.db

[email protected]:/usr/local/etc: # aide --check

AIDE, version 0.10

### All files match AIDE database. Looks okay!


Altering the File System and Checking Again

[email protected]:/oracle: # ls -l

-r--r--r-- 1 root other 143111 Jun 2 10:26 saudimap.gif

[email protected]:/oracle: # chmod 777 saudimap.gif

[email protected]:/oracle: # aide --check

AIDE found differences between database and filesystem!!

Start timestamp: 2005-06-22 14:00:50

Summary:

Total number of files=18,added files=0,removed files=0,changed files=1

Changed files:

changed:/oracle/saudimap.gif

Detailed information about changes:

File: /oracle/saudimap.gif

Permissions: -r--r--r--, -rwxrwxrwx
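
The init/check cycle from these slides as a minimal Python sketch (an added example, not AIDE's code and not part of the presentation): it records a permission string and a SHA-256 per file, then reports added, removed and changed entries. It shows that a chmod alters only the permission attribute while the checksum is unchanged, which is the only kind of change a rule like `/oracle p` (permissions only) reports. File names, contents and the temporary directory are constructed.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Baseline database: relative path -> (permission string, SHA-256)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # this sketch records regular files only
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = (stat.filemode(mode), digest)
    return db

def compare(old, new):
    """Return (added, removed, changed), mirroring the check report summary."""
    changed = {}
    for path in sorted(set(old) & set(new)):
        diffs = {}
        if old[path][0] != new[path][0]:
            diffs["Permissions"] = (old[path][0], new[path][0])
        if old[path][1] != new[path][1]:
            diffs["SHA256"] = (old[path][1], new[path][1])
        if diffs:
            changed[path] = diffs
    return sorted(set(new) - set(old)), sorted(set(old) - set(new)), changed

def demo():
    """Constructed scenario in a temp dir: chmod one file, edit one, add one."""
    with tempfile.TemporaryDirectory() as root:
        def p(name):
            return os.path.join(root, name)
        for name, mode in (("map.gif", 0o444), ("notes.txt", 0o644)):
            with open(p(name), "wb") as fh:
                fh.write(b"constructed sample data")
            os.chmod(p(name), mode)
        baseline = snapshot(root)            # corresponds to: aide -i
        os.chmod(p("map.gif"), 0o777)        # attribute-only change
        with open(p("notes.txt"), "wb") as fh:
            fh.write(b"tampered")            # content-only change
        with open(p("new.txt"), "wb") as fh:
            fh.write(b"dropped file")        # file absent from the baseline
        return compare(baseline, snapshot(root))  # corresponds to: aide --check

if __name__ == "__main__":
    print(demo())
```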

