Checking File Changes with AIDE

AIDE – Advanced Intrusion Detection Environment

This Perl script uses AIDE to check whether any files on a specified file system or directory tree have changed. It’s a fairly simple script, but it will work on a clustered file system where the disk can be mounted on a different host at any one time. It will send mail to a designated recipient, and it is controlled mostly through an ini file. You will have to pay attention to the ini and conf files and change their configuration to something that makes sense for your environment. And of course you will have to make a modest effort to learn how to use AIDE.

I put file_checks.sh into cron, where it can be run as often as is deemed necessary. The larger the directory tree, the longer it takes to run. I found it to be very fast.

And here is the script:

To verify the files,

  • Import the gpg key from here
  • Remove the “_.txt” ending from the file names if you downloaded the files.

Then

$ gpg --verify filename.asc filename

opt.ini
opt.conf

file_checks.sh
file_checks.sh.asc

file_check.pl
file_check.pl.asc
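
The verification steps above as a script, in an added example that is not the author's code: it strips the "_.txt" ending, runs gpg --verify on the two signed files, and also requires that the signature come from one pinned key rather than from any key in the keyring. EXPECTED_FPR is a placeholder (the page does not state the key's fingerprint), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Placeholder: set this to the full fingerprint of the key
# you imported; the page itself does not give the value.
EXPECTED_FPR="REPLACE_WITH_IMPORTED_KEY_FINGERPRINT"

# Remove the "_.txt" ending from every downloaded file in directory $1.
strip_txt_suffix() {
    for f in "$1"/*_.txt; do
        [ -e "$f" ] || continue          # pattern matched nothing
        mv -- "$f" "${f%_.txt}"
    done
}

# Read "gpg --status-fd" output on stdin and print the fingerprint from the
# first VALIDSIG line: the primary-key fingerprint (field 12) when gpg
# reports it, otherwise the signing-key fingerprint (field 3).
# Returns 1 when there is no VALIDSIG line at all.
validsig_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
             print (NF >= 12 ? $12 : $3); found = 1; exit
         }
         END { exit !found }'
}

# Verify file $1 against its detached signature $1.asc and require that
# the signature was made by the pinned key.
verify_pinned() {
    status=$(gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null) || return 1
    fpr=$(printf '%s\n' "$status" | validsig_fpr) || return 1
    [ "$fpr" = "$EXPECTED_FPR" ]
}

# Rename the downloads in directory $1, then check both signed files.
verify_all() {
    dir=$1
    strip_txt_suffix "$dir"
    for name in file_checks.sh file_check.pl; do
        verify_pinned "$dir/$name" || { echo "FAILED: $name" >&2; return 1; }
        echo "OK: $name"
    done
}

# Usage: sh verify_downloads.sh --verify /path/to/downloads
if [ "${1:-}" = "--verify" ]; then
    verify_all "${2:-.}"
fi
```

opt.ini and opt.conf are listed without .asc files, so the script has no signature to check them against; read them before use.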

