1.3.1 Ensure AIDE is installed

Information

Advanced Intrusion Detection Environment (AIDE) is a intrusion detection tool that uses predefined rules to check the integrity of files and directories in the Linux operating system. AIDE has its own database to check the integrity of files and directories.

AIDE takes a snapshot of files and directories including modification times, permissions, and file hashes which can then be used to compare against the current state of the filesystem to detect modifications to the system.

Rationale:

By monitoring the filesystem state compromised files can be detected to prevent or limit the exposure of accidental or malicious misconfigurations or modified binaries.

Solution

Run the following command to install AIDE:

# dnf install aide

Configure AIDE as appropriate for your environment. Consult the AIDE documentation for options.
Initialize AIDE:
Run the following commands:

# aide --init

# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

See Also

https://workbench.cisecurity.org/files/3939

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-6(9), 800-53|AU-2, 800-53|AU-12, CSCv7|14.9

Plugin: Unix

Control ID: 4566d238a22e434003c3c68a4c3a472103863961653f1348577b218c1b713b7a