As part of my work migrating to Red Hat Enterprise Linux 6, I found that AIDE+gpg does not work with GnuPG2 (previously, Red Hat Enterprise Linux 5 and Annvix only used GnuPG version 1). The AIDE+gpg scripts now work with GnuPG version 2, and a new version is available from the AIDE+gpg project page.

I don’t know if anyone other than myself uses this, but it’s a set of scripts to make AIDE more like Tripwire in that the database is cryptographically signed (with gpg) so you can be alerted as to whether or not the AIDE database has been tampered with between runs. It also setups a cron job to check the database against the system daily to alert you of any changes. It is an add-on to AIDE that can be used on any Linux distribution (and probably distributions as well, although you may need to edit the scripts if the gpg binary location differs from RHEL).

Share on: TwitterLinkedIn

Related Posts





Stay in touch