Build and Test AIDE Database
An XCCDF Rule
Description
Run the following command to generate a new database:
$ sudo /usr/sbin/aide --init
By default, the database will be written to the file /var/lib/aide/aide.db.new.gz.
Storing the database, the configuration file /etc/aide.conf, and the binary /usr/sbin/aide (or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity.
The newly-generated database can be installed as follows:
$ sudo cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
To initiate a manual check, run the following command:
$ sudo /usr/sbin/aide --check
If this check produces any unexpected output, investigate.
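As an added example (not part of the rule's own content), the shell functions below record SHA-256 hashes of the three files named above into a manifest intended for read-only or off-host storage, and verify them before `aide --check` is trusted. The function names, the `AIDE_FILES` variable and the manifest location are assumptions of this example.

```shell
#!/bin/sh
# Added example: protect AIDE's own database, config and binary with a hash
# manifest kept in a secure location, and verify it before each check.

# Paths named on this page; the variable itself is an assumption of this example.
# Paths must not contain whitespace, because the list is word-split below.
AIDE_FILES="${AIDE_FILES:-/var/lib/aide/aide.db.gz /etc/aide.conf /usr/sbin/aide}"

# record_hashes MANIFEST: write one "hash  path" line per file.
# Leaves no partial manifest behind if any file cannot be hashed.
record_hashes() {
    manifest=$1
    tmp="${manifest}.tmp.$$"
    if sha256sum $AIDE_FILES > "$tmp" 2>/dev/null; then
        chmod 0400 "$tmp" && mv -f "$tmp" "$manifest"
    else
        rm -f "$tmp"
        echo "record_hashes: could not hash every file in: $AIDE_FILES" >&2
        return 1
    fi
}

# verify_hashes MANIFEST: return 0 only if every listed file still matches,
# 2 if the manifest is missing or empty, 1 on any mismatch or unreadable file.
verify_hashes() {
    manifest=$1
    if [ ! -s "$manifest" ]; then
        echo "verify_hashes: manifest missing or empty: $manifest" >&2
        return 2
    fi
    if ! sha256sum -c "$manifest" >/dev/null 2>&1; then
        echo "verify_hashes: AIDE files differ from recorded hashes" >&2
        return 1
    fi
}

# checked_aide MANIFEST: run the integrity check only after the database,
# configuration and binary have been verified; 3 means "do not trust AIDE".
checked_aide() {
    verify_hashes "$1" || return 3
    /usr/sbin/aide --check
}
```

Run `record_hashes` right after installing a new database, and re-run it after every intentional database update so the manifest does not flag legitimate changes.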
Rationale
For AIDE to be effective, an initial database of "known-good" information about files must be captured, and it should be possible to verify that database against the installed files.
- ID
- xccdf_org.ssgproject.content_rule_aide_build_database
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
    # Install AIDE only if the package is not already present
    if ! rpm -q --quiet "aide" ; then
        yum install -y "aide"
    fi
fi
Remediation - Ansible
- name: Build and Test AIDE Database - Ensure AIDE Is Installed
  ansible.builtin.package:
    name: '{{ item }}'
    state: present
  with_items:
    - aide