1.4.2 Ensure filesystem integrity is regularly checked

Information

Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.

Note: The checking in this recommendation occurs every day at 5am. Alter the frequency and time of the checks in compliance with site policy.

Rationale:

Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion.

Solution

If cron will be used to schedule and run aide check
Run the following command:

# crontab -u root -e

Add the following line to the crontab:

0 5 * * * /usr/sbin/aide --check

OR
If aidecheck.service and aidecheck.timer will be used to schedule and run aide check:
Create or edit the file /etc/systemd/system/aidecheck.service and add the following lines:

[Unit]
Description=Aide Check

[Service]
Type=simple
ExecStart=/usr/sbin/aide --check

[Install]
WantedBy=multi-user.target

Create or edit the file /etc/systemd/system/aidecheck.timer and add the following lines:

[Unit]
Description=Aide check every day at 5AM

[Timer]
OnCalendar=*-*-* 05:00:00
Unit=aidecheck.service

[Install]
WantedBy=multi-user.target

Run the following commands:

# chown root:root /etc/systemd/system/aidecheck.*
# chmod 0644 /etc/systemd/system/aidecheck.*

# systemctl daemon-reload

# systemctl enable aidecheck.service
# systemctl --now enable aidecheck.timer

See Also

https://workbench.cisecurity.org/files/2925

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, CSCv7|14.9

Plugin: Unix

Control ID: b6c9cab4608c06dfb5c1f841c145aed11f38db8ccf627ef1136c9b11d4a0c42d