Profile Applicability:
Level 1
Description:
AIDE (Advanced Intrusion Detection Environment) is a host-based file integrity checker. It records a baseline of file attributes (permissions, ownership, size, timestamps and cryptographic hashes) in a database and, on each subsequent run, reports every file whose attributes differ from that baseline. Installing AIDE is the first step toward detecting unauthorized changes to system binaries, libraries and configuration files.
Rationale:
Having AIDE installed allows scheduled verification of filesystem integrity, so unauthorized modification of system files (for example by a rootkit, a tampered package or an interactive attacker) can be detected early. Installation alone detects nothing: the database must be initialized and checks must be scheduled, as described in the Implementation Plan.
Impact:
Pros:
Provides automated integrity checks for system files.
Enhances security monitoring and incident detection.
Cons:
Requires configuration and maintenance; the baseline must be regenerated after every legitimate change (patching, configuration management runs) or the checks produce false positives that teams learn to ignore.
Full scans are I/O and CPU intensive and should be scheduled outside peak hours.
Default Value:
AIDE is not installed by default on Amazon Linux 2, nor on most other Linux distributions.
Pre-requisites:
Root or sudo privileges to install software packages.
Remediation:
Test Plan:
Using Linux command line:
Check if AIDE is installed:
RPM-based systems:
rpm -q aide
Debian-based systems:
dpkg -s aide
Confirm the package is reported as installed (rpm prints the installed version; dpkg -s prints "Status: install ok installed").
Implementation Plan:
Using Linux command line:
Install AIDE if not present
RPM-based:
yum install aide -y
Debian-based:
apt install aide -y
Initialize the AIDE database. The paths below are the Amazon Linux 2 / RHEL-family defaults from aide.conf; Debian-based systems ship an aideinit wrapper that writes /var/lib/aide/aide.db.new and copies it to aide.db:
aide --init
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
Keep a copy of the database, the aide binary and aide.conf off-host or on read-only media; a baseline the attacker can rewrite proves nothing. After legitimate changes, refresh the baseline with aide --update and move the new database into place the same way.
Configure regular AIDE checks via cron or systemd timers.
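The following script is an added example for this step, not code from the CIS benchmark or the AIDE project. It shows both halves of the scheduling requirement: an audit helper that decides whether a crontab actually contains an active "aide --check" entry (ignoring commented-out lines and lines that would rebuild the baseline instead of verifying it), and a remediation that installs either a root crontab entry or a systemd oneshot service plus daily timer. The aide path /usr/sbin/aide, the 05:00 schedule and the unit names aidecheck.service / aidecheck.timer are assumptions for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the CIS benchmark or the AIDE project): schedule a daily
# AIDE check on an RPM-based host such as Amazon Linux 2 and audit that one exists.
# Assumptions: aide lives at /usr/sbin/aide; the unit names aidecheck.service and
# aidecheck.timer and the 05:00 schedule are ours; aide.conf uses its default paths.
set -u

AIDE_BIN="/usr/sbin/aide"
CRON_SCHEDULE="0 5 * * *"          # 05:00 daily, before business hours

# Audit helper: read crontab/cron.d text on stdin and return 0 if it contains an
# active (non-commented) AIDE check, 1 otherwise. Matches "aide --check" and the
# Debian "aide.wrapper --check" form, and does not accept --init/--update lines,
# which rebuild the baseline rather than verify it.
cron_has_aide_check() {
    grep -Ev '^[[:space:]]*#' \
      | grep -Eq '(^|[[:space:]/])aide(\.wrapper)?[[:space:]].*--check'
}

# Print the crontab line this script installs, kept in one place so the audit
# and the remediation agree on what "scheduled" means.
cron_line() {
    printf '%s %s --check\n' "$CRON_SCHEDULE" "$AIDE_BIN"
}

# Write a oneshot service and a daily timer into the given directory
# (normally /etc/systemd/system). Persistent=true runs a missed check at the
# next boot, so a host that was powered off at 05:00 is still verified.
write_aide_timer() {
    local dir="$1"
    cat > "$dir/aidecheck.service" <<EOF
[Unit]
Description=AIDE filesystem integrity check

[Service]
Type=oneshot
ExecStart=$AIDE_BIN --check
EOF
    cat > "$dir/aidecheck.timer" <<EOF
[Unit]
Description=Run AIDE integrity check daily

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target
EOF
}

# Entry points. With no argument the file only defines the functions above.
case "${1:-}" in
    audit)
        # Same sources the CIS audit inspects: root's crontab and /etc/cron.d.
        if { crontab -u root -l 2>/dev/null; cat /etc/cron.d/* 2>/dev/null; } | cron_has_aide_check; then
            echo "PASS: AIDE check is scheduled via cron"
        elif systemctl is-enabled aidecheck.timer >/dev/null 2>&1; then
            echo "PASS: AIDE check is scheduled via aidecheck.timer"
        else
            echo "FAIL: no scheduled AIDE check found"; exit 1
        fi
        ;;
    cron)
        # Append to root's crontab without clobbering existing entries.
        { crontab -u root -l 2>/dev/null; cron_line; } | crontab -u root -
        ;;
    timer)
        write_aide_timer /etc/systemd/system
        systemctl daemon-reload
        systemctl enable --now aidecheck.timer
        ;;
    "") ;;
    *) echo "usage: $0 {audit|cron|timer}" >&2; exit 2 ;;
esac
```

Run it as root with audit to check the current state, then with cron or timer to remediate; the audit treats a commented-out entry as absent, which is exactly the case a quick grep for "aide" in the crontab would get wrong.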
Backout Plan:
Using Linux command line:
Remove or disable AIDE if necessary:
RPM-based:
yum remove aide
Debian-based:
apt remove aide
Remove any cron entry or systemd timer that invokes the check, and the database under /var/lib/aide, if they are no longer wanted.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
AIDE Official Documentation