{"description": "Run the following command to generate a new database:\n\n<pre>$ sudo aideinit</pre>\n\nBy default, the database will be written to the file\n\n<tt>/var/lib/aide/aide.db.new</tt>.\n\nStoring the database, the configuration file <tt>/etc/aide.conf</tt>, and the binary\n<tt>/usr/bin/aide</tt>\n(or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity.\nThe newly-generated database can be installed as follows:\n\n<pre>$ sudo cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db</pre>\n\nTo initiate a manual check, run the following command:\n<pre>$ sudo /usr/bin/aide --check</pre>\nIf this check produces any unexpected output, investigate.", "rationale": "For AIDE to be effective, an initial database of \"known-good\" information about files\nmust be captured and it should be able to be verified against the installed files.", "severity": "medium", "references": {"cis-csc": ["1", "11", "12", "13", "14", "15", "16", "2", "3", "5", "7", "8", "9"], "cjis": ["5.10.1.3"], "cobit5": ["APO01.06", "BAI01.06", "BAI02.01", "BAI03.05", "BAI06.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.03", "DSS03.05", "DSS04.07", "DSS05.02", "DSS05.03", "DSS05.05", "DSS05.07", "DSS06.02", "DSS06.06"], "isa-62443-2009": ["4.3.4.3.2", "4.3.4.3.3", "4.3.4.4.4"], "isa-62443-2013": ["SR 3.1", "SR 3.3", "SR 3.4", "SR 3.8", "SR 4.1", "SR 6.2", "SR 7.6"], "iso27001-2013": ["A.11.2.4", "A.12.1.2", "A.12.2.1", "A.12.4.1", "A.12.5.1", "A.12.6.2", "A.14.1.2", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.14.2.7", "A.15.2.1", "A.8.2.3"], "nist": ["CM-6(a)"], "nist-csf": ["DE.CM-1", "DE.CM-7", "PR.DS-1", "PR.DS-6", "PR.DS-8", "PR.IP-1", "PR.IP-3"], "pcidss": ["Req-11.5"], "srg": ["SRG-OS-000445-GPOS-00199"], "anssi": ["R76", "R79"], "cis": ["6.1.1"], "pcidss4": ["11.5.2"], "stigid": ["UBTU-22-651015"], "stigref": ["SV-260583r958944_rule"]}, "control_references": {"anssi": ["R76", "R79"], "cis": ["6.1.1"], "pcidss4": ["11.5.2"], "stigid": ["UBTU-22-651015"]}, "components": [], "identifiers": {}, "ocil_clause": "there is no database file", "ocil": "To find the location of the AIDE database file, run the following command:\n<pre>$ sudo ls -l <i>DBDIR</i>/<i>database_file_name</i></pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "In RHEL Image Mode (bootc) systems, the AIDE database must be regenerated after each system update.\nImage Mode systems receive updates through new container images that may include modified files.\nAfter applying system updates, run the following commands to regenerate the AIDE database:\n<pre>$ sudo /usr/bin/aide --init</pre>\nThen replace the existing database:\n<pre>$ sudo cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz</pre>\nFailure to regenerate the AIDE database after updates will result in false positive alerts\nfor legitimate system changes introduced by the update process."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Build and Test AIDE Database", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml", "template": null}