Description:
Periodic checking of the filesystem integrity is needed to detect changes to the
filesystem.
Rationale:
Periodic file checking allows the system administrator to determine on a regular basis if
critical files have been changed in an unauthorized fashion.
Audit:
Run the following commands to verify a cron job scheduled to run the aide check.
Ensure a cron job in compliance with site policy is returned.
OR
Run the following commands to verify that aidcheck.service and aidcheck.timer are
enabled and aidcheck.timer is running
Additional Information:
The checking in this recommendation occurs every day at 5am. Alter the frequency and
time of the checks in compliance with site policy
systemd timers, timer file aidecheck.timer and service file aidecheck.service, have
been included as an optional alternative to using cron
Ubuntu advises using /usr/bin/aide.wrapper rather than calling /usr/bin/aide directly
in order to protect the database and prevent conflicts
Profile Applicability: Level 1 - Server Level 1 - Workstation
Description: Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.
Rationale: Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion.
Audit: Run the following commands to verify a cron job scheduled to run the aide check.
Ensure a cron job in compliance with site policy is returned. OR Run the following commands to verify that aidcheck.service and aidcheck.timer are enabled and aidcheck.timer is running
References:
Additional Information: The checking in this recommendation occurs every day at 5am. Alter the frequency and time of the checks in compliance with site policy systemd timers, timer file aidecheck.timer and service file aidecheck.service, have been included as an optional alternative to using cron Ubuntu advises using /usr/bin/aide.wrapper rather than calling /usr/bin/aide directly in order to protect the database and prevent conflicts