Advanced Intrusion Detection Environment
The Advanced Intrusion Detection Environment (AIDE) was initially developed as a free replacement for Tripwire, licensed under the terms of the GNU General Public License (GPL). The primary developers are named as Rami Lehti and Pablo Virolainen, who are both associated with the Tampere University of Technology, along with Richard van den Berg, an independent Dutch security consultant. The project is used on many Unix-like systems as an inexpensive baseline control and rootkit detection system.
How does it work
What AIDE does is basically to take a "snapshot" of the state of the system, registering hashes, modification times and other data regarding the files defined by the administrator. This "snapshot" is used to build a database that is saved and (usually) stored on an external device.
When the administrator wants to run an integrity test, the administrator places the previously built database in an accessible place and commands AIDE to compare the database against the real status of the system. Should a change have happened to the computer between the snapshot creation and the test, AIDE will detect it and report it to the administrator.
This is mainly useful for security purposes, given that any malicious change which could have happened inside the system would be reported by AIDE.
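The snapshot-and-compare cycle described above, as an added Python example that is not AIDE's own code: it records a SHA-256 hash, size, mode and mtime for every file under a root (a small subset of the attributes AIDE can track, chosen here for illustration), stores the baseline as a JSON database, and later reports which files were added, removed or changed.

```python
"""Minimal file-integrity baseline in the style AIDE uses.
Added example, not AIDE's own code."""
import hashlib
import json
import os
import stat

# Attributes recorded per file: a deliberately small subset of what AIDE's
# rule syntax can select (an assumption of this example).
def _file_record(path):
    st = os.lstat(path)
    rec = {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size,
           "mtime": int(st.st_mtime)}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec

def build_snapshot(root):
    """Walk `root` and return {relative path: record} for every file."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = _file_record(full)
    return snap

def save_snapshot(snap, db_path):
    # The database belongs on read-only or external storage: if an intruder
    # can rewrite the baseline, the later comparison proves nothing.
    with open(db_path, "w") as fh:
        json.dump(snap, fh, sort_keys=True)

def load_snapshot(db_path):
    with open(db_path) as fh:
        return json.load(fh)

def compare(baseline, current):
    """Return (added, removed, changed); changed maps path -> attribute names."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in set(baseline) & set(current):
        diff = [k for k in baseline[path] if baseline[path][k] != current[path].get(k)]
        if diff:
            changed[path] = sorted(diff)
    return added, removed, changed
```

Any non-empty result from compare() is what AIDE would print as its report; an unchanged tree yields ([], [], {}).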