AIDE Remote Aggregation - Command Reference
Note: This reference provides the key commands and concepts for building a remote AIDE verification system. For a complete, production-ready implementation with automation scripts, monitoring, and enterprise-grade security hardening, contact me for consulting.
SSH Key Setup
Generate a dedicated SSH key for AIDE synchronization:
```bash
# Ed25519 (recommended for modern systems)
ssh-keygen -t ed25519 -f /root/.ssh/id_ledger_push -C "AIDE sync"
# Set restrictive permissions
chmod 600 /root/.ssh/id_ledger_push
```
Key concept: Use a purpose-specific key, not your general SSH key. This limits exposure if the key is compromised. Because the sync runs unattended, the key is stored unencrypted (or must be loaded into an agent), so the file permissions here and the remote-side restrictions below are what actually bound the damage a stolen key can do.
Secure the Remote Server
On the remote server, restrict what the SSH key can do:
```
# In the remote user's ~/.ssh/authorized_keys file (all on one line):
command="/path/to/wrapper-script.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...
```
Key restrictions:
- `command="..."` forces execution of the wrapper script only; whatever command the client asked for is handed to the script in the `SSH_ORIGINAL_COMMAND` environment variable instead of being run
- `no-pty` prevents interactive shell access
- `no-port-forwarding` blocks tunneling
- `no-agent-forwarding` and `no-X11-forwarding` close the remaining forwarding channels; on OpenSSH 7.2 and later the single option `restrict` enables all of these at once, and `from="YOUR_SOURCE_IP"` additionally pins the key to the monitored host's address
Why this matters: Even if someone steals your SSH key, they can't get a shell or run arbitrary commands. They can still push data through the permitted rsync path, which is why the receiving side archives and verifies every delivery rather than trusting it.
Wrapper script concept: A simple shell script that inspects `SSH_ORIGINAL_COMMAND`, accepts only an rsync receive into the intended destination path, and rejects everything else. This prevents the key from being used for anything except the intended data transfer.
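The following is an added example of such a wrapper, written for this reference and not the page's own `wrapper-script.sh`. It assumes (hypothetically) that the only permitted destination is `/path/to/incoming/` and that sshd passes the client's requested command in `SSH_ORIGINAL_COMMAND`, which for the rsync invocation shown later looks like `rsync --server -vlogDtprze.iLsfxC --timeout=60 . /path/to/incoming/`. Every word is checked against a character allowlist, `--sender` (a pull) and the deleting options are refused, and the last word must equal the permitted destination.

```bash
#!/bin/sh
# Forced-command wrapper for the AIDE push key.
# Added example for this reference, not the page's own wrapper script.
# Assumptions (hypothetical): ALLOWED_DEST is the only writable target, and
# sshd invokes this script through command="..." so the client's request
# arrives in $SSH_ORIGINAL_COMMAND rather than being executed.
set -eu

ALLOWED_DEST="/path/to/incoming/"

# validate_command CMD: return 0 if CMD is an rsync *receive* into ALLOWED_DEST,
# 1 for anything else (other programs, pulls, deletes, traversal, odd characters).
validate_command() {
    cmd="$1"

    # Word-split with pathname expansion disabled so "*" in a request can't glob.
    set -f
    # shellcheck disable=SC2086
    set -- $cmd
    set +f

    # rsync --server <flags> . <dest> is the minimum shape rsync itself produces.
    [ $# -ge 4 ] || return 1
    [ "$1" = "rsync" ] && [ "$2" = "--server" ] || return 1

    dest=""
    for w in "$@"; do
        case "$w" in
            *[!A-Za-z0-9._/=-]*)             return 1 ;;  # outside the allowlisted characters (; | & $ ` ...)
            --sender)                        return 1 ;;  # client is trying to pull files from the server
            --delete*|--remove-source-files) return 1 ;;  # client is trying to erase evidence
            ..|../*|*/..|*/../*)             return 1 ;;  # path traversal inside an argument
        esac
        dest="$w"
    done

    # The final word is the path rsync will write into; it must be exactly ours.
    [ "$dest" = "$ALLOWED_DEST" ]
}

main() {
    if validate_command "${SSH_ORIGINAL_COMMAND:-}"; then
        # Safe to word-split: every word passed the allowlist above.
        # shellcheck disable=SC2086
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -t ledger-push-wrapper "rejected: ${SSH_ORIGINAL_COMMAND:-<none>}"
    exit 1
}

# Dispatch only when sshd actually invoked us with a forced command, so the
# file can also be sourced to exercise validate_command on its own.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    main
fi
```

Rejected requests are logged via `logger`, so a stolen key being used for anything other than the push shows up in syslog. The allowlist is deliberately tight: if you add rsync options on the client side that need other characters, extend the pattern rather than dropping the check.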
Sync AIDE Data
Use rsync with filters to transfer only what matters:
```bash
rsync -avz --timeout=60 \
  --include-from=/etc/ledger-push-filters.txt \
  -e "ssh -i /root/.ssh/id_ledger_push" \
  /var/lib/system_metrics/ \
  remote-user@remote-server:/path/to/incoming/
```
Filter file example (/etc/ledger-push-filters.txt):
```
# Ledger chain
+ .c
# Logs
+ .l/***
# Hashes
+ .h/***
# Signatures
+ .s/***
# Everything else
- *
```
Comments must sit on their own lines: rsync does not strip a trailing `# ...` from a rule, so `+ .c # Ledger chain` would be read as the literal pattern `.c # Ledger chain` and match nothing.
Pro tip: Never add `--delete` to this command; an rsync without it can only add or overwrite files, so the remote copy keeps evidence the source has lost. Since the client chooses the flags, the remote wrapper script should also refuse any `--delete*` option, so that a stolen key cannot re-add it.
Verify Remote Integrity
On the remote server, compare incoming data against archived baselines:
```bash
# First delivery: archive it as the baseline
tar -czf baseline_$(date +%Y%m%d).tar.gz /path/to/incoming/
# Each later delivery: the archived ledger chain must reappear unchanged at the
# start of the incoming one, so diff should report only added lines ("> ...") at the end
diff archived/.c incoming/.c
# After verification, archive the new state
tar -czf archive_$(date +%Y%m%d).tar.gz /path/to/incoming/
```
What to look for:
- New entries at the end of the ledger chain: normal
- Changes to historical entries: tampering detected
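Reading `diff` output by eye does not scale to a scheduled job, so here is an added example (written for this reference, not the page's own tooling) that turns the two rules above into an exit code. It assumes, hypothetically, that the ledger chain `.c` is append-only text, so a legitimate delivery must contain the previously archived `.c` byte-for-byte as a prefix; anything else is either a rewrite of history or a shortened chain.

```bash
#!/bin/sh
# Ledger-chain prefix check for the receiving server.
# Added example for this reference, not the page's own tooling. Assumption
# (hypothetical): .c is append-only, so archived .c must be a byte prefix of
# incoming .c. Uses only head -c, cmp and tar (GNU and BSD userlands).
set -eu

# verify_chain OLD NEW
#   0 = NEW extends OLD (new entries only at the end) or is identical
#   1 = a historical entry differs (tampering)
#   2 = NEW is shorter than OLD (history removed)
verify_chain() {
    old="$1"; new="$2"
    old_size=$(( $(wc -c < "$old") ))   # $(( )) strips the padding BSD wc prints
    new_size=$(( $(wc -c < "$new") ))
    if [ "$new_size" -lt "$old_size" ]; then
        return 2
    fi
    # Compare only the first old_size bytes of NEW against OLD.
    if head -c "$old_size" "$new" | cmp -s - "$old"; then
        return 0
    fi
    return 1
}

# new_entries OLD NEW: print the lines appended since OLD (call after verify_chain passes).
new_entries() {
    old_lines=$(( $(wc -l < "$1") ))
    tail -n "+$(( old_lines + 1 ))" "$2"
}

# archive_delivery INCOMING_DIR ARCHIVE_DIR: snapshot a verified delivery and print its path.
# -C stores paths relative to the incoming directory instead of absolute ones.
archive_delivery() {
    out="$2/archive_$(date +%Y%m%d_%H%M%S).tar.gz"
    tar -czf "$out" -C "$1" .
    echo "$out"
}

# check_delivery ARCHIVED_DIR INCOMING_DIR: apply the rules to the .c files and report.
check_delivery() {
    archived="$1/.c"; incoming="$2/.c"
    if verify_chain "$archived" "$incoming"; then
        n=$(( $(new_entries "$archived" "$incoming" | wc -l) ))
        echo "OK: chain extended by $n entries"
        return 0
    else
        rc=$?
        case $rc in
            1) echo "ALERT: historical ledger entries changed in $incoming" >&2 ;;
            2) echo "ALERT: ledger chain shrank ($incoming shorter than $archived)" >&2 ;;
        esac
        return $rc
    fi
}

# Usage: check_delivery /path/to/archives/latest /path/to/incoming && archive_delivery /path/to/incoming /path/to/archives
if [ $# -eq 2 ]; then
    check_delivery "$1" "$2"
fi
```

Wire `check_delivery` into whatever runs after each sync: exit code 0 means archive the delivery, anything else means page someone and keep the previous archive as the reference. The prefix comparison is what makes "changes to historical entries" mechanical; a rewritten or truncated chain can never satisfy it no matter how plausible the new entries look.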
Security Enhancements
Make Archives Immutable
```bash
chattr +i /path/to/archive.tar.gz
```
Prevents deletion or modification, even by root, until the attribute is cleared again with `chattr -i` (which needs `CAP_LINUX_IMMUTABLE`, in practice root). This stops accidental or scripted deletion, not an attacker who already holds root on the archive host; for that case keep copies off the box as well.
Restrict Network Access
```bash
# Example firewall rule (firewalld): accept SSH only from the monitored host
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="YOUR_SOURCE_IP/32" port protocol="tcp" port="22" accept'
# The rich rule only adds an accept; drop the zone-wide ssh service or every host can still connect
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --reload
```
Only allow SSH from your monitored systems.
Key Paths
| Location | Purpose |
|---|---|
| /root/.ssh/id_ledger_push | SSH private key for sync |
| /etc/ledger-push-filters.txt | Rsync filter rules |
| /var/lib/system_metrics/ | Source AIDE artifacts |
| /path/to/incoming/ | Remote incoming directory |
| /path/to/archives/ | Remote archive storage |
What's Missing from This Guide?
This reference shows the core concepts and key commands, but a production implementation requires:
- Automated sync scripts with error handling and logging
- GPG signature verification for incoming data
- Systemd timers for scheduled synchronization
- Monitoring and alerting for failed verifications
- Archive retention policies to manage disk space
- Disaster recovery procedures for compromised systems
- Complete wrapper scripts with path validation
- Remote server setup with proper user accounts and permissions
Need a turnkey solution? I offer consulting services for implementing production-ready AIDE infrastructure with:
- Complete automation and monitoring
- Security hardening and compliance alignment
- Custom integration with your existing systems
- Ongoing support and maintenance
Contact me for infrastructure consulting
Related Articles
- AIDE - File Integrity Monitoring for System Security
- AIDE in Motion: Automating and Signing System Integrity Checks
- AIDE Automation Framework: From Integrity Checks to Self-Verification
More guides: sebostechnology.com. Need help with your infrastructure? I offer consulting for server automation, security hardening, and infrastructure optimization.