aide (security/aide) Updated: 5 months, 2 weeks ago

Advanced Intrusion Detection Environment

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. It creates a database from the regular expression rules that it finds in the config file. Once this database is initialized, it can be used to verify the integrity of the files. It has several message digest algorithms (md5, sha1, rmd160, tiger, haval, etc.) that are used to check the integrity of the file. More algorithms can be added with relative ease. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions. See the manual pages within the distribution for further info. There is also the beginning of a manual.

Version: 0.18.6 License: GPL-2 GitHub
Maintainers No Maintainer
Categories security
Homepage https://github.com/aide/aide
Platforms {darwin >= 12}
Variants
  • universal (Build for multiple architectures)

"aide" depends on

lib (3)
build (7)
test (1)

Ports that depend on "aide"

No ports


Port notes

If none existed, a default config has been copied to
${prefix}/etc/aide/aide.conf
Review it, and in particular adjust <myuser> to your environment.
It seems wildcards or @@var do not work there, at least on stable.

To initialize the database:
# aide --init

A default scheduled task that runs once a day has been set up in
${prefix}/Library/LaunchDaemons/org.macports.aide.plist
Check that it suits you, then enable it with
# ln -s ${prefix}/Library/LaunchDaemons/org.macports.aide.plist /Library/LaunchDaemons/
followed by either one of these commands
# launchctl load -w /Library/LaunchDaemons/org.macports.aide.plist
# port load aide
An example config for rotating logs with the system newsyslog is at
${prefix}/share/examples/aide/mp-aide.conf
You can install it with
# cp ${prefix}/share/examples/aide/mp-aide.conf /private/etc/newsyslog.d/

You may need to enable postfix permanently so the scheduled task can send email:
Edit /System/Library/LaunchDaemons/org.postfix.master.plist
Remove the two string lines with '-e' and '60'.
Add '<key>KeepAlive</key><true/>'.
Also, the default macOS configuration has /var/root/.forward redirecting email to
/dev/null. Change either aide.conf or .forward to receive the mail report.

BUG: cron: only check mode, choice update


Installations (30 days)

2

Requested Installations (30 days)

2