Advanced Prohibited Files
Author(s): Matthias Lee (ml2322)
Last Updated: 07-07-2025
AIDE
The most comprehensive way to find prohibited files is to use AIDE (Advanced Intrusion Detection Environment). AIDE stores a database of all files on the system and their attributes. You build this baseline database on a clean VM, and AIDE then compares your system against it and reports the differences. AIDE is also the most complicated method: it requires specific configuration, and it often needs custom filters to make the output more usable.
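One way to write such a custom filter, as an added example that is not part of the original page or of AIDE itself: it parses a check report, keeps only added regular files, drops noisy locations, and separates likely prohibited media from files that need manual review. The sample report is constructed and assumes AIDE 0.16-style entry lines; the function names, noise paths and extension list are assumptions to adapt.

```python
import re
from pathlib import PurePosixPath

# Constructed sample laid out like an `aide --check` report (AIDE 0.16-style
# entry lines); it is not output captured from a real system.
SAMPLE_REPORT = """\
Added entries:
---------------------------------------------------

f++++++++++++++++: /home/alice/Music/track01.mp3
f++++++++++++++++: /home/bob/.cache/thumbnails/a1.png
f++++++++++++++++: /opt/tools/scan.sh
d++++++++++++++++: /home/alice/Music
f++++++++++++++++: /var/log/syslog.1

Changed entries:
---------------------------------------------------

f   ...    .C... : /etc/passwd
"""

SECTION = re.compile(r"^(Added|Removed|Changed) entries:$")
ENTRY = re.compile(r"^(\S)[^:]*: (/.*)$")
# Assumed filter lists; tune them to the system being checked.
NOISE_PREFIXES = ("/var/log/", "/proc/", "/run/", "/tmp/")
NOISE_DIRS = {".cache"}
MEDIA_EXT = {".mp3", ".mp4", ".avi", ".mkv", ".mov", ".wav", ".flac"}

def parse_report(text):
    """Group entry lines as {section: [(file_type, path), ...]}."""
    sections, current = {"Added": [], "Removed": [], "Changed": []}, None
    for line in text.splitlines():
        head = SECTION.match(line.strip())
        if head:
            current = head.group(1)
        elif line.startswith("Detailed information"):
            current = None  # per-attribute dump follows; not entry lines
        elif current and (entry := ENTRY.match(line)):
            sections[current].append((entry.group(1), entry.group(2)))
    return sections

def triage_added(text):
    """Split added regular files into likely-prohibited media and the rest."""
    result = {"prohibited": [], "review": []}
    for ftype, path in parse_report(text)["Added"]:
        p = PurePosixPath(path)
        if ftype != "f" or path.startswith(NOISE_PREFIXES) or NOISE_DIRS & set(p.parts):
            continue  # directories and known-noisy locations are dropped
        key = "prohibited" if p.suffix.lower() in MEDIA_EXT else "review"
        result[key].append(path)
    return result

if __name__ == "__main__":
    print(triage_added(SAMPLE_REPORT))
```

Files in the "review" list are not cleared; they are added files the extension list does not classify, so they still need a manual look.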