Monday, October 8, 2012

Monitor System with AIDE and SAR

AIDE (Advanced Intrusion Detection Environment) is a tool that checks the integrity of files on the system.

Steps to deploy AIDE
1. Install the aide package
2. Customize /etc/aide.conf to your preference
3. Run /usr/sbin/aide --init to build the initial database
4. Store /etc/aide.conf, /usr/sbin/aide, /var/lib/aide/ in a secure location
5. Copy /var/lib/aide/ to /var/lib/aide/aide.db.gz
6. Run the check with # aide --check

The result is displayed or saved to /var/log/aide/aide.log by default.
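
The secure copies from step 4 are only useful if the live files are compared against them before the check in step 6 is trusted. The script below is an added example, not part of the original post: it does that comparison and then decodes the exit status of aide --check as documented in aide(1). SECURE_DIR, its flat layout, the --run switch and the return code 99 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). SECURE_DIR and its flat layout
# (trusted copies stored by basename) are assumptions.
SECURE_DIR="${SECURE_DIR:-/mnt/aide-ro}"   # hypothetical read-only mount

# Succeed only if both files exist and have the same SHA-256 digest.
same_digest() {
    [ -f "$1" ] && [ -f "$2" ] || return 1
    a=$(sha256sum < "$1") && b=$(sha256sum < "$2") && [ "$a" = "$b" ]
}

# Print each live file that is missing from, or differs from, the trusted copy.
# $1 = directory with trusted copies; remaining arguments = live paths.
tampered_files() {
    ref=$1; shift
    for live in "$@"; do
        same_digest "$live" "$ref/$(basename "$live")" || printf '%s\n' "$live"
    done
}

# Decode the exit status of `aide --check` as documented in aide(1):
# 0 = no differences, 1-7 = bitmask (1 new, 2 removed, 4 changed files);
# AIDE's error codes are 14-19, so anything above 7 is reported as an error.
decode_aide_status() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "error($rc)"; return 0; fi
    out=""
    if [ $((rc & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((rc & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# Refuse to trust the check if AIDE's own config, binary or database changed.
run_check() {
    bad=$(tampered_files "$SECURE_DIR" /etc/aide.conf /usr/sbin/aide /var/lib/aide/aide.db.gz)
    if [ -n "$bad" ]; then
        echo "AIDE files differ from trusted copies:" $bad >&2
        return 99   # this script's own code, not an AIDE status
    fi
    rc=0
    /usr/sbin/aide --check || rc=$?
    echo "aide --check: $(decode_aide_status "$rc")"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then run_check; fi
```

Run it as root with --run, for example from a daily cron job, and alert on any non-zero exit status.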

System Activity report

Install the sysstat package
Run # sar -A to display all information collected
Run # sar -u 2 5 to display five samples of system CPU usage at an interval of 2 seconds

