Description Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion. Audit Run the following commands to determine if there is a cron job scheduled to run the aide check. # crontab -u root -l | grep aide # grep -r aide /etc/cron.* /etc/crontab Ensure a cron job in compliance with site policy is returned. Remediation Run the following command: # crontab -u root -e Add the following line to the crontab: 0 5 * * * /usr/bin/aide --check Notes The checking in this recommendation occurs every day at 5am. Alter the frequency and time of the checks in compliance with site policy.

[yes/no]

Run the following command: # crontab -u root -e Add the following line to the crontab: 0 5 * * * /usr/bin/aide --check