1.3.1 Ensure AIDE is installed

Information

AIDE takes a snapshot of filesystem state including modification times, permissions, and
file hashes which can then be used to compare against the current state of the filesystem to
detect modifications to the system.

Rationale:

By monitoring the filesystem state compromised files can be detected to prevent or limit
the exposure of accidental or malicious misconfigurations or modified binaries.

Solution

Install AIDE using the appropriate package manager or manual installation:

# yum install aide

# dnf install aide

# apt-get install aide

# zypper install aide

# emerge aide

Configure AIDE as appropriate for your environment. Consult the AIDE documentation for
options.
Initialize AIDE:

# aide --init

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, CSCv6|3.5, CSCv7|14.9

Plugin: Unix

Control ID: cd213dab0c9aa957317b407a7d75343be137028ded72057a7b4a3fb02b1d6977