Overview

Advanced Intrusion Detection Environment (AIDE) is a secure open source file and directory integrity checker to help monitor select files that are recently changed or modified. AIDE uses predefined rules to check the integrity of files and directories in the Linux operating system. AIDE helps monitor those files that are recently changed or modified. This allows you to keep track of files or directories when someone tries to modify or change them. AIDE tracks file properties, such as inode, permissions, modification time, file contents, etc.

You can activate AIDE on the SBC using the System Admin "Intrusion Detection" configurable object. Once "Intrusion Detection" is enabled, AIDE runs daily, and starts again after a reboot.  

The following AIDE logs are stored in the/var/log/sonus/hids directory:

  • aide_init.log: Logs generated by AIDEINIT.
  • aide.log: Logs generated by aide.sh while surveilling.
  • configureAIDE.log: Logs generated by configureAIDE.py.

Potential file integrity issues are reported with the sonusSystemSecurityReportNotification trap. 

Use the System Admin object "Intrusion Detection" to enable/disable the intrusion detection system (AIDE) tool, plus add/delete tokens (case-sensitive) in the exceptions list (used to specify which tokens to not report in the sonusSystemSecurityReportNotification trap.

Tokens are file paths, for example:

  • /opt/sonus/sbx/tailf/confd.conf
  • /opt/sonus/cnxipm/conf
  • /opt/sonus/cnxipm/conf/pmTimeout.conf
  • /opt/sonus/cnxipm/conf/pmLog.conf
  • /opt/sonus/bin/np/swe/out_speech


To Enable and Edit Intrusion Detection

Use the "Intrusion Detection" screen to enable the Advanced Intrusion Detection Environment (AIDE) tool on the SBC and specify the exception list sent to the sonusSystemSecurityReportNotification trap.

AIDE is a file and directory integrity checker that helps in keeping track of file properties, such as inode, permissions, modification time, file contents, etc.

On the SBC Core main screen, go to All > System > Admin > Intrusion Detection.

  1. (Optional) Enter tokens (using comma-separated values) that you want to add to the Exception List.
    (Note that the new list will replace the existing list).

  2. Click either Enabled or Disable to turn AIDE on/off on the SBC. 



Parameter Descriptions:

ParameterLength/RangeDescriptionM/O

Exception List

0-1024 characters

Pattern: (((.)){0,1024})

Use this parameter to specify one or more tokens to exclude from the sonusSystemSecurityReportNotification trap report.

Options (entries are case-sensitive):

  • [ token1 token2 ] – Creates an exception list or overwrites existing list.
  • token3 – Appends a token to the existing list.
O

Intrusion Detection State

N/A

Use this flag to enable/disable AIDE on the SBC. 

  • disabled (default) 
  • enabled – Once AIDE is enabled, the tool runs on a daily basis, and after every reboot.
O