Details
Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.
Notes:
The checking in this recommendation occurs every day at 5am. Alter the frequency and time of the checks in compliance with site policy
systemd timers, timer file aidecheck.timer and service file aidecheck.service, have been included as an optional alternative to using cron
Ubuntu advises using /usr/bin/aide.wrapper rather than calling /usr/bin/aide directly in order to protect the database and prevent conflicts
Rationale:
Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion.
Solution
If cron will be used to schedule and run aide check:
Run the following command:
# crontab -u root -e
Add the following line to the crontab:
0 5 * * * /usr/bin/aide.wrapper –config /etc/aide/aide.conf –check
OR
If aidecheck.service and aidecheck.timer will be used to schedule and run aide check:
Create or edit the file /etc/systemd/system/aidecheck.service and add the following lines:
[Unit]
Description=Aide Check
[Service]
Type=simple
ExecStart=/usr/bin/aide.wrapper –config /etc/aide/aide.conf –check
[Install]
WantedBy=multi-user.target
Create or edit the file /etc/systemd/system/aidecheck.timer and add the following lines:
[Unit]
Description=Aide check every day at 5AM
[Timer]
OnCalendar=*-*-* 05:00:00
Unit=aidecheck.service
[Install]
WantedBy=multi-user.target
Run the following commands:
# chown root:root /etc/systemd/system/aidecheck.*
# chmod 0644 /etc/systemd/system/aidecheck.*
# systemctl daemon-reload
# systemctl enable aidecheck.service
# systemctl –now enable aidecheck.timer
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.