SOURCES/README.quickstart

1) Customize /etc/aide.conf to your liking. In particular, add
   important directories and files which you would like to be
   covered by integrity checks. Avoid files which are expected
   to change frequently or which don't affect the safety of your
   system.

2) Run "/usr/sbin/aide --init" to build the initial database.
   With the default setup, that creates /var/lib/aide/aide.db.new.gz

3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
   in a secure location, e.g. on separate read-only media (such as
   CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
   of those files in a secure location, so you have a means to verify
   that nobody modified those files.

4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
   which is the location of the input database.

5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
   compared with the AIDE database. Prior to running a check manually,
   ensure that the AIDE binary and database have not been modified
   without your knowledge.

   Caution!

   With the default setup, an AIDE check is not run periodically as a
   cron job. It cannot be guaranteed that the AIDE binaries, config
   file and database are intact. It is not recommended that you run
   automated AIDE checks without verifying AIDE yourself frequently.
   In addition to that, AIDE does not implement any password or
   encryption protection for its own files.

   It is up to you how to put a file integrity checker to good effect
   and how to set up automated checks if you think it adds a level of
   safety (e.g. detecting failed/incomplete compromises or unauthorized
   modification of special files). On a compromised system, the
   intruder could disable the automated check. Or he could replace the
   AIDE binary, config file and database easily when they are not
   located on read-only media.
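
One way to carry out the verification that steps 3 and 5 call for, as an added example that is not part of the original README or of the AIDE package. It uses SHA-256 (sha256sum) in place of the MD5 fingerprints mentioned in step 3; the function names and the manifest file are assumptions.

```sh
#!/bin/sh
# Added example, not part of the AIDE package. Function names and the
# manifest layout are assumptions; hashing uses SHA-256 via sha256sum.

# make_manifest FILE...
# Print "hash  path" lines. Run once after step 4 and store the output
# in the secure location from step 3 (e.g. read-only media).
make_manifest() {
    sha256sum -- "$@"
}

# require_covered MANIFEST FILE...
# Fail unless every FILE is listed, so a manifest with entries removed
# cannot pass by simply checking less.
require_covered() {
    manifest=$1; shift
    for f in "$@"; do
        # A SHA-256 line is 64 hex chars + 2 separator chars, then the path.
        cut -c67- "$manifest" | grep -q -x -F -- "$f" || {
            echo "not in manifest: $f" >&2
            return 3
        }
    done
}

# verify_manifest MANIFEST
# Succeed only if the manifest is non-empty and every listed file
# matches its recorded hash.
verify_manifest() {
    manifest=$1
    if [ ! -r "$manifest" ] || [ ! -s "$manifest" ]; then
        echo "manifest missing or empty: $manifest" >&2
        return 2
    fi
    # --strict rejects malformed lines; --quiet reports only failures.
    sha256sum --check --strict --quiet -- "$manifest" >&2
}

# checked_aide_run MANIFEST
# Step 5 with its precondition: verify binary, config and database,
# then run the check only if all three are unmodified.
checked_aide_run() {
    manifest=$1
    set -- /usr/sbin/aide /etc/aide.conf /var/lib/aide/aide.db.gz
    require_covered "$manifest" "$@" || return
    verify_manifest "$manifest" || return
    /usr/sbin/aide --check
}
```

The result is only as trustworthy as the sha256sum binary and shell doing the checking, so the manifest and, where possible, those tools belong on the same read-only media as the files from step 3.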