Software Integrity Checker (AIDE) and Pre-linking
AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It creates a database from the regular expression rules that it finds in its configuration file. Once this database is initialized, it can be used to verify the integrity of the files.
Pre-linking is designed to decrease process startup time by loading each shared library at an address for which the linking of needed symbols has already been performed. After a binary has been pre-linked, the addresses at which its shared libraries are loaded are no longer random on a per-process basis. This is undesirable because it provides a stable address for an attacker to use during an exploitation attempt.
➢ To start AIDE and disable pre-linking:

1. From the Security menu, choose Software Integrity Checker (AIDE) and Pre-linking; the current status of these two processes is displayed:
   [Figure: Software Integrity Checker (AIDE) and Pre-linking]
2. Do one of the following:
   ● Type y to enable AIDE and disable pre-linking, and then press Enter.
   ● Type n to disable AIDE and enable pre-linking, and then press Enter.
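The database-then-verify mechanism described for AIDE above can be seen in miniature in the following added example, which is not AIDE's code and not part of the original page. The rule table, function names and sample file tree are assumptions made for illustration, and the rule format is not AIDE's configuration syntax.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hypothetical rule table (not AIDE's configuration syntax): the first regex
# that matches a path decides what is recorded; None means "do not track".
RULES = [
    (re.compile(r"/var/log/.*"), None),
    (re.compile(r"/bin/.*"), ("sha256", "mode", "size")),
    (re.compile(r"/etc/.*"), ("sha256",)),
]

def snapshot(root):
    """Build the database {path: {attribute: value}} for every tracked file."""
    db = {}
    for path in Path(root).rglob("*"):
        rel = "/" + path.relative_to(root).as_posix()
        attrs = next((a for rx, a in RULES if rx.fullmatch(rel)), None)
        if not attrs or not path.is_file():
            continue  # excluded, not covered by any rule, or a directory
        values = {"sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                  "mode": path.stat().st_mode, "size": path.stat().st_size}
        db[rel] = {a: values[a] for a in attrs}
    return db

def check(baseline, current):
    """Return (added, removed, changed); changed maps path -> differing attributes."""
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    changed = {p: sorted(a for a in baseline[p] if baseline[p][a] != current[p].get(a))
               for p in baseline.keys() & current.keys() if baseline[p] != current[p]}
    return added, removed, changed

def put(root, rel, data):
    path = Path(root, rel.lstrip("/"))
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    """Constructed sample tree: initialise the database, tamper, then verify."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("/bin/tool", "/etc/app.conf", "/var/log/app.log"):
            put(root, rel, b"original")
        baseline = snapshot(root)
        put(root, "/bin/tool", b"patched binary")  # tracked: hash and size change
        put(root, "/var/log/app.log", b"noise")    # excluded by rule
        put(root, "/etc/new.conf", b"x")           # new tracked file
        Path(root, "etc/app.conf").unlink()        # tracked file removed
        return baseline, check(baseline, snapshot(root))
```

Calling `demo()` returns the baseline database and the verification result; the result is only as trustworthy as the stored baseline, so the database should be kept where the monitored system cannot rewrite it.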