Information
Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.
Note: The checking in this recommendation occurs every day at 5am. Alter the frequency and time of the checks in compliance with site policy.
Rationale:
Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion.
Solution
If cron will be used to schedule and run aide check
Run the following command:
# crontab -u root -e
Add the following line to the crontab:
0 5 * * * /usr/sbin/aide --check
OR
If aidecheck.service and aidecheck.timer will be used to schedule and run aide check:
Create or edit the file /etc/systemd/system/aidecheck.service and add the following lines:
[Unit]
Description=Aide Check
[Service]
Type=simple
ExecStart=/usr/sbin/aide --check
[Install]
WantedBy=multi-user.target
Create or edit the file /etc/systemd/system/aidecheck.timer and add the following lines:
[Unit]
Description=Aide check every day at 5AM
[Timer]
OnCalendar=*-*-* 05:00:00
Unit=aidecheck.service
[Install]
WantedBy=multi-user.target
Run the following commands:
# chown root:root /etc/systemd/system/aidecheck.*
# chmod 0644 /etc/systemd/system/aidecheck.*
# systemctl daemon-reload
# systemctl enable aidecheck.service
# systemctl --now enable aidecheck.timer