#+title: Aide
#+setupfile: ../org-templates/page.org

** Configure AIDE
Edit ~/etc/aide/aide.conf~. Enable the following options:
#+BEGIN_SRC shell
report_summarize_changes=true
#+END_SRC

** Initialize the database
#+BEGIN_SRC shell
sudo aide --config /etc/aide/aide.conf --init
#+END_SRC

AIDE will indicate the location of the new database when it finishes:
#+BEGIN_SRC shell
New AIDE database written to /var/lib/aide/aide.db.new
#+END_SRC

Rename the file:
#+BEGIN_SRC shell
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
#+END_SRC

** Trigger a check
#+BEGIN_SRC shell
sudo aide --check --config /etc/aide/aide.conf
#+END_SRC

** Crontab
#+BEGIN_SRC shell
0 3 * * * aide --check --config /etc/aide/aide.conf
#+END_SRC

** Update
Run AIDE after editing system files and install system updates or new packages so that AIDE can update their checksums in the AIDE database. This will help prevent false positives.
#+BEGIN_SRC shell
sudo aide --update --config /etc/aide/aide.conf
#+END_SRC