AIDE is a program that scans important files in the system and reports any changes in the files relative to the accepted baseline. The security STIG requires that they run at least once a week; there is a cron file /etc/cron.weekly/aide=. The results are emailed to
Every time the system is patched, there are going to be lots of changes. The patching process on the servers performs the baselining (see below) to avoid this.
configuration file is
. This specifies the list of files that
will scan; it also lists the location of the accepted baseline file (
) and where the logs are to be written (
The accepted baseline is created by issuing
which will scan the appropriate files and record their checksums. This creates a new baseline database
. Rename the file to
to make it the new baseline for aide.