Information
Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.
Rationale:
Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion.
Solution
Run the following commands:
# cp ./config/aidecheck.service /etc/systemd/system/aidecheck.service
# cp ./config/aidecheck.timer /etc/systemd/system/aidecheck.timer
# chmod 0644 /etc/systemd/system/aidecheck.*
# systemctl reenable aidecheck.timer
# systemctl restart aidecheck.timer
# systemctl daemon-reload
OR
Run the following command:
# crontab -u root -e
Add the following line to the crontab:
0 5 * * * /usr/bin/aide.wrapper --config /etc/aide/aide.conf --check
References:
https://github.com/konstruktoid/hardening/blob/master/config/aidecheck.service
https://github.com/konstruktoid/hardening/blob/master/config/aidecheck.timer
Notes:
The check in this recommendation runs every day at 5am. Adjust the frequency and time of the checks to comply with site policy.
Note that Ubuntu advises using /usr/bin/aide.wrapper rather than calling /usr/bin/aide directly in order to protect the database and prevent conflicts.
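To confirm that one of the two scheduling methods from the Solution is actually in effect, the following audit sketch can be used. It is an added example, not part of the benchmark or the referenced repository; the function names and the sample crontab are constructed for illustration. It accepts either aide.wrapper or a direct aide call in the crontab, and ignores commented-out entries.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit that one of the two
# scheduling methods from the Solution is actually in place.

# Succeeds if the crontab text on stdin has an active (uncommented) entry
# that runs aide or aide.wrapper with --check.
cron_has_aide_check() {
    grep -Ev '^[[:space:]]*(#|$)' |
        grep -Eq '(^|[[:space:]/])aide(\.wrapper)?[[:space:]].*--check([[:space:]]|$)'
}

# Succeeds if aidecheck.timer is both enabled and currently active.
timer_scheduled() {
    systemctl is-enabled aidecheck.timer >/dev/null 2>&1 &&
        systemctl is-active aidecheck.timer >/dev/null 2>&1
}

# Live audit: needs root to read root's crontab.
audit_aide_schedule() {
    if timer_scheduled; then
        echo "PASS: aidecheck.timer is enabled and active"
    elif crontab -u root -l 2>/dev/null | cron_has_aide_check; then
        echo "PASS: root crontab runs an AIDE check"
    else
        echo "FAIL: no periodic AIDE check is scheduled"
        return 1
    fi
}

# Constructed sample crontab: the only AIDE entries are commented out or
# run --init, so it must NOT count as a scheduled check.
SAMPLE_BAD='# 0 5 * * * /usr/bin/aide.wrapper --config /etc/aide/aide.conf --check
30 2 * * 0 /usr/bin/aide.wrapper --config /etc/aide/aide.conf --init'

case "${1:-}" in
    --audit) audit_aide_schedule ;;
    *)  if printf '%s\n' "$SAMPLE_BAD" | cron_has_aide_check; then
            echo "sample: check scheduled"
        else
            echo "sample: no check scheduled"
        fi ;;
esac
```

Run it with --audit as root to check the live system; without arguments it only evaluates the constructed sample.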