Advanced Intrusion Detection Environment (AIDE) is a secure open source file and directory integrity checker to help monitor select files that are recently changed or modified. AIDE uses predefined rules to check the integrity of files and directories in the Linux operating system. AIDE helps monitor those files that are recently changed or modified. This allows you to keep track of files or directories when someone tries to modify or change them. AIDE tracks file properties, such as inode, permissions, modification time, file contents, etc.

You can activate AIDE on the SBC using the System Admin "Intrusion Detection" configurable object. Once "Intrusion Detection" is enabled, AIDE runs daily, and starts again after a reboot.  

The following AIDE logs are stored in the/var/log/sonus/hids directory:

  • aide_init.log: Logs generated by AIDEINIT.
  • aide.log: Logs generated by aide.sh while surveilling.
  • configureAIDE.log: Logs generated by configureAIDE.py.

Potential file integrity issues are reported with the sonusSystemSecurityReportNotification trap. 

Use the System Admin object "Intrusion Detection" to enable/disable the intrusion detection system (AIDE) tool, plus add/delete tokens (case-sensitive) in the exceptions list (used to specify which tokens to not report in the sonusSystemSecurityReportNotification trap.

Tokens are file paths, for example:

  • /opt/sonus/sbx/tailf/confd.conf
  • /opt/sonus/cnxipm/conf
  • /opt/sonus/cnxipm/conf/pmTimeout.conf
  • /opt/sonus/cnxipm/conf/pmLog.conf
  • /opt/sonus/bin/np/swe/out_speech

For configuration details, refer to: