{"id":4606,"date":"2012-09-12T20:24:24","date_gmt":"2012-09-13T00:24:24","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=4606"},"modified":"2012-09-12T20:24:24","modified_gmt":"2012-09-13T00:24:24","slug":"automatically-detect-file-changes-on-your-server","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/","title":{"rendered":"Automatically Detect File Changes on Your Server"},"content":{"rendered":"

From bashshell.net<\/a><\/p>\n

AIDE (Advanced Intrusion Detection Environment) is the Open Source version of Tripwire. AIDE takes a snapshot of every file on your server, records it and then will notify you of any changes. This tutorial will show you how to create a script that will automate this process and send you an email of the outcome.<\/p>\n

Step #1: Install and Configure AIDE<\/strong>
\nIf you need more information on installation and configuring AIDE<\/a>.<\/p>\n

<\/p>\n

Initialize the database first. It will create a database in \/var\/lib\/aide.
\n
\naide --init
\nmv \/var\/lib\/aide\/aide.db.new.gz \/var\/lib\/aide\/aide\/db.gz
\naide --check
\n<\/code>
\n 
\nIf you run aide and files have changed, review the files and then determine if they are legitimate changes. If they are update. Notice in this example you can see changed files and the sums for those that changed.
\n 
\n 
\nNow run an update.
\naide --update<\/code>
\n 
\n 
\nOnce you have updated change to the database directory and copy the new database to the original.
\ncd \/var\/lib\/aide
\ncp aide.db.new.gz aide.db.gz<\/code>
\n 
\n <\/p>\n

Step #2: Create a Script to Monitor Your Server<\/strong>
\nYou will need to constantly update so you do not see the same files that you have verified previously.
\nCreate the script aide.sh and place it in the \/root\/scripts directory. Test and then create a cron job to run it.
\n
\n#!\/bin\/bash
\n# Create 4 Hour Cron Job With AIDE
\n\/usr\/sbin\/aide --check > \/tmp\/aide
\nlogfile=\/tmp\/aide
\nx=$(grep \"Looks okay\" $logfile | wc -l)
\nif [ $x -eq 1 ]
\nthen
\necho \"All Systems Look OK\" | \/bin\/mail -s \"AIDE OK\" your_email
\nelse
\necho \"$(egrep \"added|changed\" \/tmp\/aide)\" | \/bin\/mail -s \"AIDE PROBLEM\" your_email<\/code><\/p>\n

fi
\nexit<\/p>\n

 
\n 
\nStep #3: Create 4 Hour Cron Job With AIDE<\/strong>
\nYou need to create a cron job which will run on a regular basis to check to see if files change on the system.
\n\/usr\/sbin\/aide --check > \/tmp\/aide<\/code>
\n 
\n 
\nCreate a temporary file to evaluate. This file will be overwritten on the next check.
\nlogfile=\/tmp\/aide<\/code>
\n 
\n 
\nThe variable sets the location of the temporary file.
\nx=$(grep \"Looks okay\" $logfile | wc -l)
\nif [ $x -eq 1 ]
\nthen
\necho \"All Systems Look OK\" | \/bin\/mail -s \"AIDE OK\" your_email
\nelse
\necho \"$(egrep \"added|changed\" \/tmp\/aide)\" | \/bin\/mail -s \"AIDE PROBLEM\" your_email
\nfi
\nexit
\n<\/code>
\n 
\nThe script firsts checks the logfile to see if there are changes or if it is \u201cokay\u201d. If there are no changes then the script sends a message that \u201cAll Systems Look OK\u201d. If there are changes, the script lists those files and folders that have been added or changed in an email.<\/p>\n

AIDE output must be dealt with as an administrator. So if you see that files have changed but you recognize the changes were performed by your staff then you need to update and reset everything.<\/p>\n

If the changes were NOT legitimate, then you have other serious problems to deal with.<\/p>\n

From bashshell.net<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

From bashshell.net AIDE (Advanced Intrusion Detection Environment) is the Open Source version of Tripwire. AIDE takes a snapshot of every file on your server, records it and then will notify you of any changes. This tutorial will show you how to create a script that will automate this process and send you an email of… <\/p>\n

Read More<\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4606","post","type-post","status-publish","format-standard","hentry","category-linux-apps"],"yoast_head":"\nAutomatically Detect File Changes on Your Server - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Automatically Detect File Changes on Your Server - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"From bashshell.net AIDE (Advanced Intrusion Detection Environment) is the Open Source version of Tripwire. AIDE takes a snapshot of every file on your server, records it and then will notify you of any changes. This tutorial will show you how to create a script that will automate this process and send you an email of... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2012-09-13T00:24:24+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/automatically-detect-file-changes-on-your-server\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/automatically-detect-file-changes-on-your-server\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"Automatically Detect File Changes on Your Server\",\"datePublished\":\"2012-09-13T00:24:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/automatically-detect-file-changes-on-your-server\\\/\"},\"wordCount\":380,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"Apps\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/automatically-detect-file-changes-on-your-server\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/automatically-detect-file-changes-on-your-server\\\/\",\"name\":\"Automatically Detect File Changes on Your Server - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2012-09-13T00:24:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/automatically-detect-file-changes-on-your-server\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/automatically-detect-file-changes-on-your-server\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/automatically-detect-file-changes-on-your-server\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Automatically Detect File Changes on Your Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Automatically Detect File Changes on Your Server - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/","og_locale":"en_US","og_type":"article","og_title":"Automatically Detect File Changes on Your Server - Linux Shtuff","og_description":"From bashshell.net AIDE (Advanced Intrusion Detection Environment) is the Open Source version of Tripwire. AIDE takes a snapshot of every file on your server, records it and then will notify you of any changes. This tutorial will show you how to create a script that will automate this process and send you an email of... Read More","og_url":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2012-09-13T00:24:24+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"Automatically Detect File Changes on Your Server","datePublished":"2012-09-13T00:24:24+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/"},"wordCount":380,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["Apps"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/","url":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/","name":"Automatically Detect File Changes on Your Server - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2012-09-13T00:24:24+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/automatically-detect-file-changes-on-your-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"Automatically Detect File Changes on Your Server"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/4606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=4606"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/4606\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=4606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=4606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=4606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}