AIDE

AIDE is a program that scans important files in the system and reports any changes in the files relative to the accepted baseline. The security STIG requires that it run at least once a week; there is a cron file, /etc/cron.weekly/aide, for this. The results are emailed to usno-admins.

Every time the system is patched, many files change. The patching process on the servers performs the baselining (see below) so that these expected changes are not reported.

Configuration Files

The primary aide configuration file is /etc/aide.conf. This specifies the list of files that aide will scan; it also lists the location of the accepted baseline file (/var/lib/aide/aide.db.gz) and where the logs are to be written (/var/lib/aide).

Baselining

The accepted baseline is created by issuing aide --init, which scans the appropriate files and records their checksums. This creates a new baseline database, /var/lib/aide/aide.db.new.gz. Rename the file to aide.db.gz to make it the new baseline for aide.
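
The baselining steps above as a shell function, added here as an example; it is not part of the original wiki page or of the site's patching process. AIDE_BIN and AIDE_DB_DIR are hypothetical override variables, and the dated backup copy and the chmod are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: rebaseline AIDE after patching, using the paths from this page.
# AIDE_BIN and AIDE_DB_DIR are override variables invented for this sketch.
AIDE_BIN="${AIDE_BIN:-aide}"
AIDE_DB_DIR="${AIDE_DB_DIR:-/var/lib/aide}"

rebaseline() {
    new="$AIDE_DB_DIR/aide.db.new.gz"
    cur="$AIDE_DB_DIR/aide.db.gz"

    # Remove any stale output so a failed run cannot be mistaken for a fresh one.
    rm -f "$new"

    # Build the new database; aide --init writes aide.db.new.gz.
    "$AIDE_BIN" --init || { echo "aide --init failed" >&2; return 1; }

    # Refuse to install a missing or empty database.
    [ -s "$new" ] || { echo "no new database at $new" >&2; return 1; }

    # Keep the previous baseline under a dated name for later comparison.
    if [ -f "$cur" ]; then
        cp -p "$cur" "$cur.$(date +%Y%m%d%H%M%S)" || return 1
    fi

    # Only the owner (root) should be able to read or replace the baseline.
    chmod 600 "$new" || return 1

    # A rename within one directory is atomic: the weekly cron job
    # sees either the old baseline or the new one, never a partial file.
    mv -f "$new" "$cur"
}

# Run only when asked, e.g.  sh rebaseline.sh run  (as root, after patching).
if [ "${1:-}" = "run" ]; then
    rebaseline
fi
```

A new baseline accepts whatever is on disk at the moment it is built, so review the most recent AIDE report for unexplained changes before rebaselining.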

-- JimJacobs - 2020-09-30
Topic revision: r1 - 2020-09-30, JimJacobs