Issue setting up AIDE monitoring

[smcalilly]

I've asked this on stackexchange and r/linuxfornoobs but nobody has answered so I'm gonna see if I can get a hit here.

I’m setting up AIDE monitoring on Raspbian. I first tried over ssh but it timed out due to my timeout settings. Then I setup the new AIDE db directly on the RPi command line. I had to overwrite the DB that was created on the first try.

I ran sudo aide.wrapper --check after it successfully initialized and it returned a ton of files with mismatched hashes. Some of the mismatched original hashes were dated 8/30 and but I init'd on 8/31. I have no idea why...I installed AIDE on 8/31 and the system should be clean because it’s like three days old. Is that date based on the original creation of the file?

Two more questions:

1. should I be worried about all these changed hashes?
2. if not, how do I delete the aide database and start afresh? Is it as simple as deleting it via the path /var/lib/aide/aide.db.new

[imthenachoman]

Sorry for the late reply -- I'm just now getting time to reply.

I see you closed this. Did you figure it out?

[smcalilly]

@imthenachoman No worries, thanks for following up. I realized that the hashes were changed because of logging, so I set the AIDE config to ignore some logging