Ubuntu: Does Aide compare against repo versions or only against my own files?



Question:

Is there any point in installing Aide on a long-installed machine? Or is it only trustworthy if installed immediately after a fresh install or run from a thumb drive?

Background:

A non-techy friend has a laptop that I help him stay in business with. It was originally installed with 14.04 LTS and upgraded to 16.04 LTS. He has only a user password, no root password, nor is he in sudo group. I've told him many times not to click unknown attachments but I know once in a while he still tries to open stuff, e.g. video attachments, from friends that may have been hacked, have viruses etc.

Lately the laptop has been "getting slow" and I don't see a good reason in terms of the fairly basic things I know how to check (disk is not full, it is not swapping, top shows 2-5 items at various times, each using < 2-5%, etc). Maybe I should check more of this basic stuff first but I'm feeling a little paranoid that it is hacked or rootkitted.

I used to use Tripwire on all my servers so I am familiar with how that builds a database and then monitors changes compared to that. If the laptop's files are already hacked, and Aide works the same way, then this is not helpful. But if Aide has some secure way to check against the repository versions of binaries then I suppose it could tell me if I'm safe without requiring a fresh install.

Obviously a fresh install would be the most certain way to be safe, but he is 400 km away and on slooow satellite internet so fresh install takes a ton of effort.


Solution 1:

Aide compares against your own files.

From man aide (http://manpages.ubuntu.com/manpages/trusty/man1/aide.1.html) and the Aide manual (http://www.cs.tut.fi/~rammer/aide/manual.html):

"--init, -i Initialize the database. You must initialize a database and move it to the appropriate place before you can use the --check command."

and

"Typically, a system administrator will create an AIDE database on a new system before it is brought onto the network. This first AIDE database is a snapshot of the system in its normal state and the yardstick by which all subsequent updates and changes will be measured."
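To make the answer concrete, here is an added toy model of the init/check cycle described above (example code, not from the original post and not AIDE's own code). It snapshots a constructed temporary tree as the "database", then checks against it, and shows why a file tampered with before `--init` is silently accepted as part of the baseline while changes made afterwards are reported.

```python
"""Toy model of AIDE's init/check cycle: the baseline is the only yardstick.

Added example, not from the original post or from AIDE. A temporary directory
stands in for the monitored filesystem and a dict for the AIDE database."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Like `aide --init`: record a content hash and mode for every file under root."""
    db = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            db[str(path.relative_to(root))] = (digest, path.stat().st_mode)
    return db


def check(root, db):
    """Like `aide --check`: report added, removed and changed files versus the baseline."""
    now = snapshot(root)
    added = sorted(set(now) - set(db))
    removed = sorted(set(db) - set(now))
    changed = sorted(p for p in now if p in db and now[p] != db[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Run the cycle on a constructed tree where one file was tampered with before init."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "bin").mkdir()
        (r / "bin" / "ls").write_bytes(b"original ls")
        # Constructed: this file is already modified BEFORE the baseline is taken.
        (r / "bin" / "ps").write_bytes(b"ps with pre-existing tampering")
        baseline = snapshot(root)
        clean = check(root, baseline)  # reports nothing: tampered ps is part of the baseline
        # Changes made AFTER init are what the check can see.
        (r / "bin" / "ls").write_bytes(b"modified after init")
        (r / "bin" / "evil").write_bytes(b"new file")
        later = check(root, baseline)
        return clean, later


if __name__ == "__main__":
    first, second = demo()
    print("check right after init:", first)
    print("check after later changes:", second)
```

The first check is empty even though `bin/ps` was already altered, which is exactly the limitation the question worries about: AIDE can only report drift from whatever state existed when the database was initialised, not drift from the repository's versions.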

