AIDE
AIDE is a program that scans important files in the system and reports any changes in the files relative to the accepted baseline. The security STIG requires that it run at least once a week; there is a cron file /etc/cron.weekly/aide for this. The results are emailed to usno-admins.
Every time the system is patched, there are going to be lots of changes reported. The patching process on the servers performs the baselining (see below) to avoid this.
Configuration Files
The primary aide configuration file is /etc/aide.conf. This specifies the list of files that aide will scan; it also lists the location of the accepted baseline file (/var/lib/aide/aide.db.gz) and where the logs are to be written (/var/lib/aide).
Baselining
The accepted baseline is created by issuing aide --init, which scans the appropriate files and records their checksums. This creates a new baseline database /var/lib/aide/aide.db.new.gz. Rename that file to aide.db.gz to make it the new baseline for aide.
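The baselining step above, as an added example script that is not part of this page or of the AIDE project. It assumes the paths given in the configuration section (/var/lib/aide, aide.db.new.gz, aide.db.gz); keeping a dated copy of the previous baseline before overwriting it is an addition here, so that the pre-patch state can still be compared against if a change needs to be investigated later.

```shell
#!/bin/sh
# Added example (not from the original page): generate a new AIDE baseline and
# promote it into place. Paths assume the /etc/aide.conf settings described above.
set -eu

AIDE_DIR="${AIDE_DIR:-/var/lib/aide}"   # database directory from aide.conf
AIDE_BIN="${AIDE_BIN:-aide}"            # aide binary, overridable for testing

# Run aide --init, which writes $AIDE_DIR/aide.db.new.gz.
generate_baseline() {
    "$AIDE_BIN" --init
}

# Rename aide.db.new.gz to aide.db.gz. Refuses to proceed if no new database
# was produced, and (an addition to the page's procedure) keeps the previous
# baseline as aide.db.gz.<timestamp> instead of discarding it.
promote_baseline() {
    dir="$1"
    new="$dir/aide.db.new.gz"
    cur="$dir/aide.db.gz"
    [ -s "$new" ] || { echo "no new baseline at $new" >&2; return 1; }
    if [ -f "$cur" ]; then
        stamp=$(date +%Y%m%d%H%M%S)
        mv "$cur" "$cur.$stamp"
    fi
    mv "$new" "$cur"
}

# Typical use after patching (as root): sh rebaseline.sh run
if [ "${1:-}" = "run" ]; then
    generate_baseline
    promote_baseline "$AIDE_DIR"
fi
```

The old baseline copies accumulate in /var/lib/aide; prune them on whatever retention schedule the server's patching process uses.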
--
JimJacobs - 2020-09-30