Advanced Intrusion Detection Environment

Developer(s): Rami Lehti, Pablo Virolainen
Stable release: 0.18.1 [1] (4 March 2023)
Written in: C
Operating system: Unix-like
Type: Security (HIDS)
License: GNU General Public License
Website: aide.github.io

The Advanced Intrusion Detection Environment (AIDE) was initially developed as a free replacement for Tripwire. AIDE itself is licensed under the terms of the GNU General Public License (GPL).


The primary developers are named as Rami Lehti and Pablo Virolainen, who are both associated with the Tampere University of Technology, along with Richard van den Berg, an independent Dutch security consultant. The project is used on many Unix-like systems as an inexpensive baseline control and rootkit detection system.

Functionality

AIDE takes a "snapshot" of the state of the system, recording hashes, modification times, and other attributes of the files the administrator has defined in its configuration. This snapshot is used to build a database that is saved and may be stored on an external device for safekeeping, so that an attacker who later compromises the host cannot quietly rewrite the baseline it will be compared against.

When the administrator wants to run an integrity test, the administrator places the previously built database where AIDE can read it and instructs AIDE to compare the database against the current state of the system. Any change to a monitored file between the creation of the snapshot and the test is detected and reported to the administrator. Alternatively, AIDE can be run on a schedule and report changes daily using a scheduler such as cron, which is the default behaviour of the Debian AIDE package. [2]

This is mainly useful for security purposes: any change to a monitored file, malicious or not, appears in the report. Two consequences follow for the administrator. Legitimate changes (package upgrades, configuration edits) are reported as well, so the report has to be reviewed and the baseline refreshed after intentional changes; and AIDE can only detect changes made after the snapshot, so a system that was already compromised when the baseline was built will have its compromised state recorded as normal.
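The snapshot-and-compare cycle described above, as an added example that is not AIDE's own code: a minimal integrity checker that records the kind of attributes AIDE tracks (permissions, owner, group, size, mtime, SHA-256) for every regular file under a root, stores them as a JSON "database" kept outside the monitored tree, and later compares a fresh snapshot against it. The function names, the JSON layout, and the tampered sample tree are this example's own choices and are constructed for the demonstration; the real tool's database format differs.

```python
# Added example (not AIDE's own code): a minimal AIDE-style integrity checker.
# Function names and the JSON "database" layout are this example's own
# choices, not AIDE's format. The sample tree in demo() is constructed.
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Attributes recorded per file; AIDE tracks a similar set (plus inode,
# ctime, link count and several checksum algorithms).
ATTRS = ("mode", "uid", "gid", "size", "mtime_ns", "sha256")


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Walk root (not following symlinks) and record every regular file."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # this example only tracks regular files
            st = p.stat()
            db[p.relative_to(root).as_posix()] = {
                "mode": st.st_mode & 0o7777,
                "uid": st.st_uid,
                "gid": st.st_gid,
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": sha256_file(p),
            }
    return db


def save_db(db: dict, dest: Path) -> None:
    """Write the baseline; in practice keep it off-host or on read-only media."""
    dest.write_text(json.dumps(db, sort_keys=True, indent=1))


def load_db(src: Path) -> dict:
    return json.loads(src.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report files added, removed, or changed (with the attributes that differ)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        diffs = [a for a in ATTRS if baseline[rel][a] != current[rel][a]]
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "cron.d").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "cron.d" / "backup").write_text("0 2 * * * root /usr/local/bin/backup\n")

        # Build the initial database and store it outside the monitored tree.
        db_path = Path(tmp) / "aide.db"
        save_db(snapshot(root), db_path)

        # Tampering after the snapshot (constructed):
        # 1. an extra uid-0 account appended to passwd (size, mtime, hash change)
        with (root / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/:/bin/sh\n")
        # 2. a cron job removed
        (root / "cron.d" / "backup").unlink()
        # 3. a preload file added
        (root / "ld.so.preload").write_text("/tmp/evil.so\n")
        # 4. hosts rewritten with the same length and the original mtime
        #    restored (as with `touch -r`), so only the checksum reveals it
        hosts = root / "hosts"
        before = hosts.stat()
        hosts.write_text("10.0.0.99 localhost\n")
        os.utime(hosts, ns=(before.st_atime_ns, before.st_mtime_ns))

        # The scheduled check: stored baseline versus the live tree.
        return compare(load_db(db_path), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The fourth tamper is the case worth noticing: size and mtime match the baseline, so a check that only compares timestamps would miss it, and only the checksum exposes the change. AIDE also records inode number and ctime, which cannot be reset with `touch`, giving a second line of detection. With AIDE itself the same cycle is `aide --init` to write the new database, moving that file into place as the reference database, and `aide --check` to compare; the Debian package runs the check daily from cron.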


References

  1. "Release 0.18.1". 4 March 2023. Retrieved 5 March 2023.
  2. "Using Aide on Ubuntu 12.04 LTS (Precise Pangolin) and Debian 7 (Wheezy)". Archived from the original on 9 January 2013. Retrieved 12 March 2013.