Ubuntu 16.04: File integrity check with AIDE

This article describes AIDE, a file integrity checker.

1 Before installing AIDE

Install Postfix with this script.

2 Install AIDE

Install the aide package.

$ sudo apt install -y aide

3 Create database

Create the database with aideinit, which is a wrapper script for "aide --init". aideinit creates aide.db.new and copies it to aide.db.


Unlike AIDE in other distributions, the configuration file is not /etc/aide.conf but the following file. Because /etc/aide.conf does not exist, running aide directly causes an error. The files in /etc/aide/aide.conf.d/* are configuration files for various packages.


4 File integrity check

"aide.wrapper --check" checks file integrity. "aide.wrapper --update" checks file integrity and creates a new database "aide.db.new", which then needs to be copied to aide.db.

$ sudo aide.wrapper --check
$ echo $?

If any file has changed, aide.wrapper returns a non-zero value.

$ sudo mv /usr/sbin/ip /usr/sbin/ip.orig
$ echo "modified" | sudo tee /usr/sbin/ip
$ sudo aide.wrapper --check
$ echo $?
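
In AIDE the non-zero value is a bit mask: per aide(1), --check and --update exit with 1 (new files) + 2 (removed files) + 4 (changed files), and 14 to 19 are error codes. The following is an added example, not part of the original article, that decodes the status; the function name describe_aide_status is hypothetical, and it assumes aide.wrapper passes aide's exit status through unchanged.

```shell
#!/bin/sh
# Added example: decode the exit status of "aide --check" / "aide --update".
# Per aide(1): status = 1*(new files) + 2*(removed files) + 4*(changed files);
# 14-19 are generic error codes.
# describe_aide_status is a hypothetical helper, not part of the aide package.
# Returns 0 = clean, 1 = differences found, 2 = AIDE error or unknown status.
describe_aide_status() {
    code=$1
    case "$code" in
        ''|*[!0-9]*) echo "invalid status"; return 2 ;;
    esac
    case "$code" in
        0)  echo "clean"; return 0 ;;
        14) echo "error: writing file"; return 2 ;;
        15) echo "error: invalid argument"; return 2 ;;
        16) echo "error: unimplemented function"; return 2 ;;
        17) echo "error: invalid configuration line"; return 2 ;;
        18) echo "error: IO error"; return 2 ;;
        19) echo "error: version mismatch"; return 2 ;;
    esac
    if [ "$code" -gt 7 ]; then
        echo "error: unexpected status $code"
        return 2
    fi
    findings=""
    if [ $(( code & 1 )) -ne 0 ]; then findings="$findings added"; fi
    if [ $(( code & 2 )) -ne 0 ]; then findings="$findings removed"; fi
    if [ $(( code & 4 )) -ne 0 ]; then findings="$findings changed"; fi
    echo "differences:$findings"
    return 1
}

# On the host (assumes the wrapper passes aide's status through):
#   sudo aide.wrapper --check; describe_aide_status $?

# Demo over constructed status values, so the script runs without AIDE installed.
for c in 0 4 5 17; do
    printf '%s -> ' "$c"
    describe_aide_status "$c" || true
done
```

Treating statuses 14 to 19 separately from 1 to 7 keeps a broken configuration or an unreadable database from being mistaken for a file change, or for a clean run if only "changed" is being matched.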

It is better to run the cron job "/etc/cron.daily/aide".

$ sudo /etc/cron.daily/aide

5 Cron job which runs aide

This cron job runs "aide.wrapper --update", copies the created "aide.db.new" to aide.db, and sends email.


The configuration file for this cron job is the following. The email address is ${MAILTO}@${FQDN}.


If FQDN is not defined in /etc/default/aide, FQDN is set to the value of "hostname -f". This article sets FQDN to localhost. The default value of MAILTO is root.

$ sudo sed -e 's/^# FQDN=/FQDN=localhost/g' -i /etc/default/aide

After this, the cron job will send email to root@localhost once a day. You can send the email to Gmail with a Postfix setting.