[[email protected] ~]# yum -y install aide
[[email protected] ~]# vim /etc/aide.conf 
# 添加下列行：
/molewan        NORMAL
[[email protected]

3、模擬在aide監管的目錄下，新添加一個文件

[[email protected] ~]# cd /molewan/
[[email protected] molewan]# cp /etc/passwd .
[[email protected] molewan]# ls
passwd

4、執行aide進行檢查

[[email protected] molewan]# aide --check
Entry /root/.mysql_history in databases has different attributes: 20000001d 20020001d
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2017-06-22 10:35:10
Summary:
  Total number of files:272614
  Added files:1
  Removed files:0
  Changed files:3
---------------------------------------------------
Added files:
---------------------------------------------------
added: /molewan/passwd
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /opt/gitlab/sv/logrotate/supervise/pid
changed: /opt/gitlab/sv/logrotate/supervise/status
changed: /root/.mysql_history
---------------------------------------------------
Detailed information about changes:
---------------------------------------------------
File: /opt/gitlab/sv/logrotate/supervise/pid
SHA256   : 1JSst6Quw/tdtJftiGt/21jUIBRbzOcQ , NUB/zWnJypaqQW2QQcC/Mx5e1QInQn+0
File: /opt/gitlab/sv/logrotate/supervise/status
SHA256   : A/GkExLS7Y1JyYVE4N7/I1pUxRH/xj1P , BKuJ49lWHu2kprL//4A+AO/lJZS7evFx
File: /root/.mysql_history
Perm     : lrwxrwxrwx                       , -rw-------
說明：可以發現，新添加哪些文件，修改了哪些參數

參考資料：http://os.51cto.com/art/201411/457358.htm

本文出自 “冰凍vs西瓜” 博客，請務必保留此出處http://molewan.blog.51cto.com/287340/1940878

CentOS7下的AIDE入侵檢測配置