{"description": "At a minimum, AIDE should be configured to run a weekly scan.\nTo implement a systemd service and a timer unit to run the service periodically:\nFor example, if a systemd timer is expected to be started every day at 5AM\n<pre>OnCalendar=*-*-* 05:00:0</pre> <pre>[Timer]</pre> section in the timer unit and\na Unit section starting the AIDE check service unit should be referred.", "rationale": "AIDE provides a means to check if unauthorized changes are made to the system.\nAIDE itself does not setup a periodic execution, so in order to detect unauthorized\nchanges a systemd service to run the check and a systemd timer to take care\nof periodical execution of that systemd service should be defined.", "severity": "medium", "references": {"cis-csc": ["1", "11", "12", "13", "14", "15", "16", "2", "3", "5", "7", "8", "9"], "cjis": ["5.10.1.3"], "cobit5": ["APO01.06", "BAI01.06", "BAI02.01", "BAI03.05", "BAI06.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.03", "DSS03.05", "DSS04.07", "DSS05.02", "DSS05.03", "DSS05.05", "DSS05.07", "DSS06.02", "DSS06.06"], "isa-62443-2009": ["4.3.4.3.2", "4.3.4.3.3", "4.3.4.4.4"], "isa-62443-2013": ["SR 3.1", "SR 3.3", "SR 3.4", "SR 3.8", "SR 4.1", "SR 6.2", "SR 7.6"], "iso27001-2013": ["A.11.2.4", "A.12.1.2", "A.12.2.1", "A.12.4.1", "A.12.5.1", "A.12.6.2", "A.14.1.2", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.14.2.7", "A.15.2.1", "A.8.2.3"], "nist": ["SI-7", "SI-7(1)", "CM-6(a)"], "nist-csf": ["DE.CM-1", "DE.CM-7", "PR.DS-1", "PR.DS-6", "PR.DS-8", "PR.IP-1", "PR.IP-3"], "pcidss": ["Req-11.5"], "srg": ["SRG-OS-000363-GPOS-00150", "SRG-OS-000446-GPOS-00200", "SRG-OS-000447-GPOS-00201"], "anssi": ["R76"], "pcidss4": ["11.5.2"]}, "control_references": {"anssi": ["R76"], "pcidss4": ["11.5.2"]}, "components": [], "identifiers": {}, "ocil_clause": "AIDE is not configured to scan periodically", "ocil": "Verify the operating system routinely checks the baseline configuration for unauthorized changes.\n\nTo determine that periodic AIDE execution has been scheduled, run the following command:\n<pre>$ systemctl list-timers</pre> should display <pre>aidecheck.timer</pre> or similar\nthat starts a service to run AIDE check.", "oval_external_content": null, "fixtext": "Configure a systemd timer to run AIDE checks at least once weekly", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must notify the system administrator when Advanced Intrusion Detection Environment (AIDE) discovers anomalies in the operation of any security functions.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[aide] and package[systemd]", "platforms": ["package[aide] and package[systemd]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_aide_and_package_systemd"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure Systemd Timer Execution of AIDE", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml", "template": null}