Advanced Intrusion Detection Environment: Difference between revisions

| latest release version = 0.15.1{{wikidata|property|preferred|references|edit@end|Q2825369|P348}}

| latest release date = {{StartRelease date and age|2010{{wikidata|09qualifier|10preferred|single|Q2825369|P348|P577}}}}

| genre = Security ([[Host-based intrusion detection system|HIDS]])

| website = {{URL|httphttps://aide.sourceforgegithub.netio/}}

AideAIDE takes a "snapshot" of the state of the system, register hashes, modification times, and other data regarding the files defined by the administrator. This "snapshot" is used to build a database that is saved and may be stored on an external device for safekeeping.

When the administrator wants to run an integrity test, the administrator places the previously built database in an accessible place and commands AideAIDE to compare the database against the real status of the system. Should a change have happened to the computer between the snapshot creation and the test, AideAIDE will detect it and report it to the administrator. Alternatively, AideAIDE can be configured to run on a schedule and report changes daily using scheduling technologies such as [[cron]], which is the default behavior of the [[Debian]] AideAIDE package.<ref>{{cite web|title=Using Aide on Ubuntu 12.04 LTS (Precise Pangolin) and Debian 7 (Wheezy)|url=http://www.snekul.com/wordpress/blog/2012/09/27/using-aide-on-ubuntu-12-04-lts-precise-pangolin-and-debian-7-wheezy/|archive-url=https://web.archive.org/web/20130109055116/http://www.snekul.com/wordpress/blog/2012/09/27/using-aide-on-ubuntu-12-04-lts-precise-pangolin-and-debian-7-wheezy/|url-status=dead|archive-date=9 January 2013|accessdate=12 March 2013}}</ref>

This is mainly useful for security purposes, given that any malicious change which could have happened inside of the system would be reported by AideAIDE.

==External linksSee also ==

[[categoryCategory:Intrusion detection systems]]