Advanced Intrusion Detection Environment

Free software portal

The Advanced Intrusion Detection Environment (AIDE) was initially developed as a free replacement for Tripwire licensed under the terms of the GNU General Public License (GPL).

The primary developers are named as Rami Lehti and Pablo Virolainen, who are both associated with the Tampere University of Technology, along with Richard van den Berg, an independent Dutch security consultant. The project is used on many Unix-like systems as an inexpensive baseline control and rootkit detection system.

How it works

What Aide basically does is take a "snapshot" of the state of the system, register hashes, modification times and other data regarding the files defined by the administrator. This "snapshot" is used to build a database that is saved and (usually) stored in an external device.

When the administrator wants to run an integrity test, he places the previously built database in an accessible place and commands Aide to compare the database against the real status of the system. Should a change have happened to the computer between the snapshot creation and the test, Aide will detect it and report it to the administrator.

This is mainly useful for security purposes, given that any malicious change which could have happened inside of the system would be reported by Aide.

External links

• AIDE homepage
• AIDE SourceForge page