AIDE
Generate initial database
aide --init
Database location is set in /etc/aide.conf
To start using the db:
mv \
/var/lib/aide/aide.db.new.gz \
/var/lib/aide/aide.db.gz
After system changes, update the database:
aide --update
Integrity check
aide --check
Permissions issue
# Check if user _aide exists
grep _aide /etc/passwd
# Check if group _aide exists
grep _aide /etc/group
# Check perms of /var/log/aide
sudo find /var/log/aide -exec ls -ld {} +
# Check perms of aide database
sudo find /var/lib/aide -exec ls -ld {} +