Advanced Intrusion Detection Environment: Difference between revisions

The primary developers are named as Rami Lehti and Pablo Virolainen, who are both associated with the [[Tampere University of Technology]], along with Richard van den Berg, an independent [[Netherlands|Dutch]] security consultant. The project is used on many [[Unix-like]] systems as an inexpensive [[baseline (configuration management)|baseline]] control and [[rootkit]] detection system.
 
==How it works==
AIDE takes a "snapshot" of the state of the system, registering hashes, modification times and other data for the files defined by the administrator. This "snapshot" is used to build a database that is saved and (usually) stored on an external device.
 
When the administrator wants to run an integrity test, the administrator places the previously built database in an accessible location and commands AIDE to compare the database against the real status of the system. If a change has happened to the computer between the snapshot creation and the test, AIDE will detect it and report it to the administrator.