aide (security/aide) Updated: 7 months, 3 weeks ago Add to my watchlist

Advanced Intrusion Detection Environment

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. It creates a database from the regular expression rules that it finds from the config file. Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that are used to check the integrity of the file. More algorithms can be added with relative ease. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions. See the manual pages within the distribution for further info. There is also a beginning of a manual.

Version: 0.18.6 License: GPL-2 GitHub
Maintainers No Maintainer
Categories security
Homepage https://github.com/aide/aide
Platforms {darwin >= 12}
Variants
  • universal (Build for multiple architectures)

"aide" depends on

lib (3)
build (7)
test (1)

Ports that depend on "aide"

No ports


Port notes

If not existing, a default config has been copied to
${prefix}/etc/aide/aide.conf
Review it, especially adjust <myuser> to your environment.
It seems wildcard or @@var are not working there, at least on stable.

To initialize database
# aide --init

A default scheduled task has been set up once a day in
${prefix}/Library/LaunchDaemons/org.macports.aide.plist
Check if it fit you and start it like
# ln -s ${prefix}/Library/LaunchDaemons/org.macports.aide.plist /Library/LaunchDaemons/
and either one of those commands
# launchctl load -w /Library/LaunchDaemons/org.macports.aide.plist
# port load aide
An example config for rotating logs with system newsyslog is
${prefix}/share/examples/aide/mp-aide.conf
You can install it with
# cp ${prefix}/share/examples/aide/mp-aide.conf /private/etc/newsyslog.d/

You may need to enable permanently postfix so the scheduled task can send email:
Edit /System/Library/LaunchDaemons/org.postfix.master.plist
Remove the two strings lines with '-e' '60'.
Add a '<key>KeepAlive</key><true/>'
Also, default MacOS configuration have /var/root/.forward redirecting email to
/dev/null. Either change aide.conf or .forward to get mail report.

BUG: cron: only check mode, choice update


Port Health:

Loading Port Health

Installations (30 days)

2

Requested Installations (30 days)

2

Livecheck results

aide seems to have been updated (port version: 0.18.6, new version: 0.18.8)

livecheck ran: 1 day, 1 hour ago