I’ve just released AIDE+gpg 1.0.4, which adds support for signing and verifying signatures on the AIDE binary itself (/usr/sbin/aide), and on the AIDE configuration file (/etc/aide.conf). Thanks to George Notaras for giving me the suggestion.

Apparently someone other than myself uses these scripts. =) AIDE+gpg is a set of scripts to make AIDE more like Tripwire in that the database is cryptographically signed (with gpg) so you can be alerted as to whether or not the AIDE database has been tampered with between runs. It also setups a cron job to check the database against the system daily to alert you of any changes. It is an add-on to AIDE that can be used on any Linux distribution (and probably distributions as well, although you may need to edit the scripts if the binary locations for gpg and aide differ from RHEL).

You can grab it from the project page.

Share on: TwitterLinkedIn

Related Posts





Stay in touch