Originally Posted by unspawn
Not to be pedantic about it but there's no opportunity to "learn from each other" until you actually share something anyone here can learn from.
Start with 'aide -c aide.conf -D;' and 'man aide.conf'. If you really don't get it, post the output of 'grep database_ aide.conf'.
I'm very much for sharing info efficiently. What's missing IMO is details about this machine's location and role and a list of basic security measures you already implemented. (Also note that saying things like "machine under attack" is not useful w/o details.) Regardless of that, be aware Red Hat has provided extensive admin documentation for ages, which may serve as an initial checklist. On top of that, several organizations provide guidelines (NSA, NIST, SANS), benchmarks (Cisecurity, OVAL) and tools (Red Hat, 3rd party repos like EPEL) for free to help you assess this machine's security posture. I suggest you start by posting the requested details; that way it's easier to fill in the gaps.
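A scripted form of the 'grep database_ aide.conf' check suggested above, added here as an example and not taken from the thread or from AIDE itself: it pulls the database settings out of an aide.conf and verifies they form a usable reference/output pair. It assumes AIDE's key=value config syntax and accepts either the older 'database' key or the newer 'database_in' key for the reference database; the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread: a scripted version of
# "grep database_ aide.conf" that extracts the database settings from an
# aide.conf and checks that they form a usable pair. Assumes AIDE's
# key=value syntax; the sample configs below are constructed.

# Value of a key in an aide.conf (last assignment wins, as in AIDE itself).
aide_conf_get() {
    # $1 = config file, $2 = key name (e.g. database_in, database_out)
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Sanity-check the database settings. Accepts the old key (database) and
# the newer one (database_in) for the reference database. Returns 0 when
# reference and output are set, both use a file: URL, and they differ
# (writing the new database over the reference one defeats the comparison).
aide_conf_check() {
    conf=$1
    in=$(aide_conf_get "$conf" database_in)
    [ -n "$in" ] || in=$(aide_conf_get "$conf" database)
    out=$(aide_conf_get "$conf" database_out)
    [ -n "$in" ]  || { echo "no reference database (database/database_in) set"; return 1; }
    [ -n "$out" ] || { echo "no database_out set"; return 1; }
    case $in  in file:*) ;; *) echo "reference database is not a file: URL: $in"; return 1;; esac
    case $out in file:*) ;; *) echo "database_out is not a file: URL: $out"; return 1;; esac
    [ "$in" != "$out" ] || { echo "reference database and database_out are the same file"; return 1; }
    echo "ok: reference=$in output=$out"
    return 0
}

# Constructed sample configs to run the check against.
good=$(mktemp)
cat >"$good" <<'EOF'
# minimal aide.conf (constructed sample)
database_in=file:/var/lib/aide/aide.db.gz
database_out=file:/var/lib/aide/aide.db.new.gz
/etc p+i+n+u+g+s+m+c+sha256
EOF

bad=$(mktemp)
cat >"$bad" <<'EOF'
database=file:/var/lib/aide/aide.db.gz
database_out=file:/var/lib/aide/aide.db.gz
EOF

aide_conf_check "$good"
aide_conf_check "$bad" || echo "bad config rejected"
```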