Implement Periodic Execution of Integrity Checking

By default, AIDE does not install itself for periodic execution.

Implement checking with whatever frequency is required by your security policy.
A once-daily check may be suitable for many environments. For example, to
implement a daily execution of AIDE at 4:05am, add the following line to /etc/crontab:

05 4 * * * root /usr/sbin/aide --check

AIDE output may be an indication of an attack against your system, or it may
be the result of something innocuous such as an administrator’s configuration
change or a software update.

AIDE - Build, Store, and Test Database

Generate a new database:

# /usr/sbin/aide --init

By default, the database will be written to the file /var/lib/aide/aide.db.new.gz.

The database, as well as the configuration file /etc/aide.conf and the binary /usr/sbin/aide (or hashes of these files) should be copied and stored in a secure location. Storing these copies or hashes on read-only media may provide further confidence that they will not be altered.

Install the newly-generated database:

# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Run a manual check:

# /usr/sbin/aide --check

If this check produces any unexpected output, investigate.
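The two procedures above (the cron-driven check and the build/store/test of the database) share one weakness: if an intruder replaces /usr/sbin/aide, /etc/aide.conf or the database, the check itself reports nothing. The following script is an added example, not code from the guide or from the AIDE project. It records the hashes the guide says to keep in a secure location, refuses to run the check when they no longer match, and turns AIDE's exit status into a one-line summary for the cron log. It assumes sha256sum(1) from GNU coreutils, the default AIDE paths named above, a hypothetical manifest location on read-only media, and the exit codes documented in aide(1) for current releases (an older build may exit 0 even when changes are reported, so the report text should still be mailed or logged).

```shell
#!/bin/sh
# Added example, not code from the guide or from AIDE: protect the checker
# before trusting its verdict, and act on AIDE's exit status from cron.
# Assumptions: sha256sum(1) is available (GNU coreutils); the AIDE paths are
# the defaults the guide names; MANIFEST is a hypothetical file on
# read-only media; the script itself lives at /usr/local/sbin/aide-check.sh.

AIDE_BIN=/usr/sbin/aide
AIDE_CONF=/etc/aide.conf
AIDE_DB=/var/lib/aide/aide.db.gz
MANIFEST=/media/readonly/aide-manifest.sha256    # hypothetical location

# Record "hash  path" lines for the given files. Run once, right after
# `aide --init` and the copy to aide.db.gz, then move the manifest to the
# read-only medium.
record_manifest() {
    manifest=$1
    shift
    sha256sum "$@" > "$manifest"
}

# Succeed only when every file in the manifest is present with its recorded
# hash; otherwise print the failing lines on stderr and fail.
verify_manifest() {
    manifest=$1
    out=$(sha256sum -c "$manifest" 2>&1) && return 0
    status=$?
    printf '%s\n' "$out" | grep -v ': OK$' >&2 || true
    return $status
}

# Translate an AIDE exit status into a one-line summary. Bits 1, 2 and 4
# mean new, removed and changed files; 14 and above are run-time errors.
# Assumption: these are the codes documented in aide(1) for current
# releases; an older build may exit 0 even when its report lists changes.
describe_aide_status() {
    rc=$1
    case $rc in
        0) echo "no changes" ;;
        1|2|3|4|5|6|7)
            msg=""
            if [ $((rc & 1)) -ne 0 ]; then msg="$msg new"; fi
            if [ $((rc & 2)) -ne 0 ]; then msg="$msg removed"; fi
            if [ $((rc & 4)) -ne 0 ]; then msg="$msg changed"; fi
            echo "changes:$msg (exit $rc)" ;;
        *) echo "error (exit $rc)" ;;
    esac
}

# Entry point for the cron line: refuse to run when the checker itself has
# been altered, otherwise run the check and summarise the outcome.
run_periodic_check() {
    if ! verify_manifest "$MANIFEST"; then
        echo "aide: $AIDE_BIN, $AIDE_CONF or $AIDE_DB no longer matches the trusted manifest; not running check" >&2
        return 2
    fi
    if "$AIDE_BIN" --check; then rc=0; else rc=$?; fi
    echo "aide: $(describe_aide_status "$rc")" >&2
    return "$rc"
}

# Run the check only when executed under the assumed script name, so the
# functions can also be sourced from another script.
case $0 in
    */aide-check.sh|aide-check.sh) run_periodic_check ;;
esac
```

With the script installed at the assumed path, the /etc/crontab line from the section above becomes `05 4 * * * root /bin/sh /usr/local/sbin/aide-check.sh`; the manifest is written once with `record_manifest "$MANIFEST" "$AIDE_BIN" "$AIDE_CONF" "$AIDE_DB"` after each legitimate database rebuild. The manifest on read-only media is the trust anchor: a root-level intruder can rewrite everything under /usr and /var, but not a file on a medium the running system cannot write.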


Install AIDE

AIDE is not installed by default. Install it with the command:

# yum install aide


Customize Configuration File

Customize /etc/aide.conf to meet your requirements. The default configuration is acceptable for many environments.

The man page aide.conf(5) provides detailed information about the configuration file format.

Software Integrity Checking

The AIDE (Advanced Intrusion Detection Environment) software is included with the system to provide software integrity checking. It is designed to be a replacement for the well-known Tripwire integrity checker.

The RPM software also includes the ability to compare the hashes of installed files with those in its own metadata database. Integrity checking cannot prevent intrusions into your system, but it can detect that they have occurred. Such integrity checking software should be configured before the system is deployed and able to provide services to users.

Ideally, the integrity checking database would be built before the system is connected to any network, though this may prove impractical due to registration and software updates.
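The RPM verification mentioned above produces a lot of noise on a live host (edited configuration files, touched documentation), so the useful findings have to be filtered out. The script below is an added example, not from the guide or from the rpm project. It assumes the `rpm -Va` output format documented in rpm(8): a result string of eight or nine characters (S M 5 D L U G T, plus P on later releases) where `.` is a passed test and `?` an untested one, an optional attribute letter such as `c` for configuration files, then the path; a line beginning with `missing` reports a file that is no longer on disk. The sample lines are constructed, not captured from a real system. One caveat worth keeping in mind: `rpm -V` compares against the local RPM database, which an intruder with root access can rewrite along with the files, which is why the AIDE database kept on read-only media is the stronger reference.

```shell
#!/bin/sh
# Added example, not code from the guide or from rpm: triage `rpm -Va` output.
# Assumption: the rpm(8) format "SM5DLUGT[P] [c|d|g|l|r] path", where '.' is a
# passed test, '?' an untested one, and a line starting with "missing"
# reports a file that is no longer on disk.

# Constructed sample lines (not captured from a real host).
SAMPLE_RPM_VA='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/foo/README
S.5....T.    /usr/sbin/sshd
missing      /usr/bin/important
..5......    /usr/lib64/libfoo.so.1
.M.......    /usr/bin/passwd'

# Read `rpm -Va` lines on stdin and print only findings worth a look:
# files whose digest changed, files gone missing, and mode changes.
# Configuration files (attribute "c") are skipped because local edits are
# expected there; a changed mtime alone (T) on anything else is ignored.
# Paths containing spaces are not handled.
triage_rpm_verify() {
    awk '
        $1 == "missing" { print "MISSING " $NF; next }
        {
            flags = $1
            path  = $NF
            attr  = (NF == 3) ? $2 : ""
            if (attr == "c") next
            if (substr(flags, 3, 1) == "5")      print "DIGEST  " path
            else if (substr(flags, 2, 1) == "M") print "MODE    " path
        }'
}

# Usage on a live host:  rpm -Va 2>/dev/null | triage_rpm_verify
# With the constructed sample:
#   printf '%s\n' "$SAMPLE_RPM_VA" | triage_rpm_verify
```

On the sample the script reports the changed sshd binary and library, the missing file and the mode change on passwd, and stays silent about the edited sshd_config and the touched README. A digest mismatch on a binary in a package that has not been updated is the finding to chase first.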

Configure Automatic Update Retrieval and Installation with Cron

The yum-updatesd service is not mature enough for an enterprise environment, and the service may introduce unnecessary overhead. When possible, replace this service with a cron job that calls yum directly.

Disable the yum-updatesd service:

# chkconfig yum-updatesd off

Create the file yum.cron, make it executable, and place it in /etc/cron.daily:

#!/bin/sh
# Update yum itself first, then everything else. -R N waits a random
# 0-N minutes so a fleet does not hit the repositories at the same moment;
# -e 0 and -d 0 suppress error and debug output; -y answers yes to prompts.
/usr/bin/yum -R 120 -e 0 -d 0 -y update yum
/usr/bin/yum -R 10 -e 0 -d 0 -y update

This script first updates yum itself and then applies every other available package update. Placing the script in
/etc/cron.daily ensures its daily execution.
To only apply updates once a week, place the script in /etc/cron.weekly instead.
