Showing posts from February 2015

AIDE

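AIDE audits changes made to a Linux system; permission changes are detected as well.

Last modified: 2014/2/20

Basic usage:

1. On first use, run aide --init
The resulting database file is written to /var/lib/aide/. Remember to rename it; otherwise later comparisons will not find the baseline file.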

    # aide --check

    AIDE found differences between database and filesystem!!
    Start timestamp: 2014-01-05 08:03:47

    Summary:
      Total number of files: 39240
      Added files: 0
      Removed files: 0
      Changed files: 20

    ---------------------------------------------------
    Changed files:
    ---------------------------------------------------

    changed: /usr/sbin
    changed: /usr/libexec
    changed: /usr/libexec/gcc/x86_64-redhat-linux/4.4.4
    changed: /usr/libexec/getconf
    changed: /usr/libexec/polkit-1
    changed: /usr/libexec/utempter
    changed: /usr/libexec/awk
    changed: /usr/bin
    changed: /usr/lib64
    changed: /usr/lib64/pm-utils/bin
    changed: /usr/lib64/nss/unsupported-tools
    changed: /usr/lib64/sa
    changed: /usr/lib64/perl5/CORE
    changed: /root
    changed: /root/.viminfo
    changed: /lib/udev
    changed: /bin
    changed: /lib64
    changed: /lib64/db…
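
A report like the one above is easier to act on once the summary counters and the changed paths are pulled out and the expected noise is filtered away. The script below is an added example, not part of the original post: the helper names (aide_count, aide_changed, aide_alert), the ignore pattern and the directory pattern are assumptions chosen for illustration, and the sample report is constructed in the same format as the output shown above.

```sh
# Added example: triage an `aide --check` report like the one above.
# SAMPLE_REPORT is constructed (a shortened report in the same format).
SAMPLE_REPORT='AIDE found differences between database and filesystem!!
Start timestamp: 2014-01-05 08:03:47

Summary:
  Total number of files: 39240
  Added files: 0
  Removed files: 0
  Changed files: 4

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /usr/sbin
changed: /usr/bin
changed: /root/.viminfo
changed: /lib/udev'

# Print one Summary counter. Usage: aide_count Added|Removed|Changed < report
aide_count() {
    awk -v key="$1 files:" 'index($0, key) { print $NF; exit }'
}

# Print changed paths, one per line, skipping those that match the
# (hypothetical) ignore regex in $1. An empty regex ignores nothing.
aide_changed() {
    awk -v ign="$1" '/^changed: / {
        path = substr($0, 10)          # text after "changed: "
        if (ign == "" || path !~ ign) print path
    }'
}

# Succeed (exit 0) when a non-ignored change is under a binary or library
# directory, where an unexpected change deserves a closer look.
aide_alert() {
    aide_changed "$1" | grep -Eq '^/(usr/)?(s?bin|lib(64|exec)?)(/|$)'
}

# Demo on the constructed sample; in real use pipe `aide --check` in instead.
IGNORE='^/root/[.]viminfo$'
printf 'changed files reported: %s\n' "$(printf '%s\n' "$SAMPLE_REPORT" | aide_count Changed)"
printf '%s\n' "$SAMPLE_REPORT" | aide_changed "$IGNORE"
if printf '%s\n' "$SAMPLE_REPORT" | aide_alert "$IGNORE"; then
    echo 'ALERT: system binary or library directory changed'
fi
```

Keep the ignore pattern narrow: every path it hides is a path AIDE no longer effectively watches.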