Aide
What is AIDE?
AIDE (Advanced Intrusion Detection Environment) is a free replacement
for Tripwire. It does the same things as the semi-free Tripwire and
more.
There are other free replacements available so why build a new one?
All the other replacements do not achieve the level of Tripwire.
And I wanted a program that would exceed the limitations of
Tripwire.
What does it do?
It creates a database from the regular expression rules that it finds
in the config file. Once this database is initialized it can be used
to verify the integrity of the files. It has several message
digest algorithms (md5, sha1, rmd160, tiger, haval, etc.) that are used to
check the integrity of the file. More algorithms can be added with relative
ease. All of the usual file attributes can also be checked for
inconsistencies. It can read databases from older or newer versions.
See the manual pages within the distribution for further info.
There is also a beginning of a manual.
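The workflow described above, as an added illustration in Python (not AIDE's own code, config syntax or database format): regex rules select paths, a snapshot records mode, size and digests, and a later snapshot is compared against it. The rules, paths and helper names are hypothetical, and the file tree is constructed for the example.

```python
import hashlib, os, re, stat, tempfile
from pathlib import Path

def snapshot(root, rules, algos=("md5", "sha1")):
    """Database {path: attributes + digests} for files matching any regex rule."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            if not any(rule.search(rel) for rule in rules):
                continue  # not selected by any rule, so never recorded
            st = os.lstat(full)
            rec = {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size}
            if stat.S_ISREG(st.st_mode):  # digest regular files only
                data = Path(full).read_bytes()
                rec.update({a: hashlib.new(a, data).hexdigest() for a in algos})
            db[rel] = rec
    return db

def compare(baseline, current):
    """Added/removed paths, plus the fields that differ for each common path."""
    common = baseline.keys() & current.keys()
    diffs = {p: sorted(k for k in baseline[p].keys() | current[p].keys()
                       if baseline[p].get(k) != current[p].get(k)) for p in common}
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": {p: d for p, d in diffs.items() if d}}

def _write(root, rel, data, mode=0o644):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    Path(path).write_bytes(data)
    os.chmod(path, mode)

def demo():
    """Constructed tree: initialize the database, change files, then verify."""
    rules = [re.compile(r"^/etc/"), re.compile(r"^/bin/")]  # hypothetical rules
    with tempfile.TemporaryDirectory() as root:
        for rel, data in [("etc/passwd", b"root:x:0:0"), ("etc/hosts", b"127.0.0.1"),
                          ("bin/ls", b"\x7fELF"), ("tmp/scratch", b"a")]:
            _write(root, rel, data)
        baseline = snapshot(root, rules)
        _write(root, "etc/passwd", b"root:x:0:1")      # same size, new content
        os.chmod(os.path.join(root, "bin/ls"), 0o755)  # attribute-only change
        os.remove(os.path.join(root, "etc/hosts"))
        _write(root, "bin/newtool", b"#!/bin/sh")
        _write(root, "tmp/scratch", b"bb")             # outside the rules
        return compare(baseline, snapshot(root, rules))
```

Calling demo() shows the same-size edit to /etc/passwd surfacing only through the digests, while the permission change on /bin/ls surfaces only through the attributes, so both kinds of check are needed.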
Download
Mirrors
Mirrors can be found at the following places.
I do not have access to these machines.
They are provided as a courtesy by individuals. Thank you.
ftp://ftp.linux.hr/pub/aide/
The latest version is 0.7.
ftp://ftp.cs.tut.fi/pub/src/gnu/aide-0.7.tar.gz.
Or
http://www.cs.tut.fi/~rammer/aide-0.7.tar.gz.
Previous releases
You can find previous releases at
ftp://ftp.cs.tut.fi/pub/src/gnu/.
Note that they are buggy and do not contain all the features.
CVS snapshot
The CVS tree is under constant development. It may be buggy. It
may not even compile. But it also contains the latest fixes and
features. You can get it from
http://www.cs.tut.fi/~rammer/aide-CVS.tar.gz.
GPL
AIDE is licensed under the GPL. Please read it.
What platform does AIDE run on?
Basically AIDE runs on any modern Unix. Below is a list of platforms
people are actually running AIDE on.
- Solaris 2.5.1,2.6,7
- Linux 2.2.x,2.0.x
- FreeBSD 2.2.8,3.4
- Unixware 7.0.1
- BSDi 4.1
- OpenBSD 2.6
- AIX 4.2
I found a bug. What do I do?
You can try to fix it and send the patches back to me. Or just send me
a bug report.
Mailinglist
There is a mailing list for AIDE. You can subscribe by sending
an e-mail to Majordomo@cs.tut.fi with subscribe aide as the BODY of
the message and an empty Subject: line. This link may help.
All subscribe requests have to be handled manually. So please be
patient.
Absolutely NO SPAM is allowed.
Only the people on the list can send messages to it.
I want to contribute a larger set of patches.
You should e-mail me for a read-write account to the CVS-server.
I would like to help but don't know how.
You can send me Jolt, Computer
Security related books and anything you think that would encourage me
to donate more time to this project.
CVS-server
We have a CVS-server named cvs.cs.tut.fi.
For a more comprehensive overview we suggest reading this document.
The first thing you need to do is download CVS and install it on your
system. Head over to
Cyclic Software and when you are done come back.
Now you need to point your CVS client to the AIDE server. This can be done
by setting an environment variable on your system.
While using a bourne shell (sh, bash, etc) type the following:
CVSROOT=:pserver:cvs@cvs.cs.tut.fi:/cvs-root-aide
export CVSROOT
Alternatively, you can specify the CVSROOT when you give a CVS command by
using the -d flag. While this allows you to access multiple CVS servers
without having to reset your environment, it does require you to specify
the server each time you log in to or check out from the repository.
cvs -d:pserver:cvs@cvs.cs.tut.fi:/cvs-root-aide [command]
Now you are ready to actually connect and download the source.
In order to log in to the server type:
cvs login
And when prompted use the password:
cvs
After the first time you log into the CVS server the password will
be remembered so that you do not have to keep typing it in.
Now all you have to do to download the AIDE source code is type:
cvs co aide
Once you have checked out a copy of the source you can retrieve
the latest version by typing:
cvs update
from within the root directory of the source distribution. This
will only download the changes that have been made, saving you
a lot of time.
If you want to join the core developers with write access to the
repository, send me an email and we'll see.
Future plans
- Other database retrieval methods (http,ftp,sql?)
- Compressed database support
- ACL checking
- Encrypted and signed database
Who's behind aide?
Rami Lehti (me), rammer@cs.tut.fi
Pablo Virolainen, pablo@cs.tut.fi
Disclaimer
All trademarks are the property of their respective owners.
No animals were harmed while making this webpage or this piece of
software.
Although some pizza delivery guy's feelings were hurt.