1.3.1 Ensure AIDE is installed

Information

AIDE takes a snapshot of filesystem state including modification times, permissions, and file hashes which can then be used to compare against the current state of the filesystem to detect modifications to the system.

Rationale:

By monitoring the filesystem state compromised files can be detected to prevent or limit the exposure of accidental or malicious misconfigurations or modified binaries.

Solution

Run the following command to install aide :

# zypper install aide

Configure AIDE as appropriate for your environment. Consult the AIDE documentation for options.

Initialize AIDE:

# aide --init
# mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

The name of the aide.db.new database may be different on your system.

See Also

https://workbench.cisecurity.org/files/3738

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-6(9), 800-53|AU-2, 800-53|AU-12, CSCv7|14.9

Plugin: Unix

Control ID: 38dccdbce7254a16250d1614b86974121b2740fc4221fc2cf53a9a34e1aa3497