5.3.2 Ensure filesystem integrity is regularly checked

Information

Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.

Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion.

Solution

- IF - cron will be used to schedule and run aide check

Run the following command:

# crontab -u root -e

Add the following line to the crontab:

0 5 * * * /usr/sbin/aide --check

- OR -

- IF - aidecheck.service and aidecheck.timer will be used to schedule and run aide check:

Create or edit the file /etc/systemd/system/aidecheck.service and add the following lines:

[Unit]
Description=Aide Check

[Service]
Type=simple
ExecStart=/usr/sbin/aide --check

[Install]
WantedBy=multi-user.target

Create or edit the file /etc/systemd/system/aidecheck.timer and add the following lines:

[Unit]
Description=Aide check every day at 5AM

[Timer]
OnCalendar=*-*-* 05:00:00
Unit=aidecheck.service

[Install]
WantedBy=multi-user.target

Run the following commands:

# chown root:root /etc/systemd/system/aidecheck.*
# chmod 0644 /etc/systemd/system/aidecheck.*

# systemctl daemon-reload

# systemctl enable aidecheck.service
# systemctl --now enable aidecheck.timer

See Also

https://workbench.cisecurity.org/benchmarks/15962

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-6(9), 800-53|AU-2, 800-53|AU-12, CSCv7|14.9

Plugin: Unix

Control ID: 26682ad5484a4f160a5e5089c5a4e651f9349a4895038e7face808b0cae4226b