Advanced Intrusion Detection Environment (AIDE) is a secure open source file and directory integrity checker to help monitor select files that are recently changed or modified. AIDE uses predefined rules to check the integrity of files and directories in the Linux operating system. AIDE helps monitor those files that are recently changed or modified. This allows you to keep track of files or directories when someone tries to modify or change them. AIDE tracks file properties, such as inode, permissions, modification time, file contents, etc. You can activate AIDE on the SBC using the System Admin "Intrusion Detection" configurable object. Once "Intrusion Detection" is enabled, AIDE runs daily, and starts again after a reboot. The following AIDE logs are stored in the Potential file integrity issues are reported with the sonusSystemSecurityReportNotification trap. Use the System Admin object "Intrusion Detection" to enable/disable the intrusion detection system (AIDE) tool, plus add/delete tokens (case-sensitive) in the exceptions list (used to specify which tokens to not report in the sonusSystemSecurityReportNotification trap. Tokens are file paths, for example:/var/log/sonus/hids
directory:
% set system admin <system name> intrusionDetection exceptionList <token | list> intrusionDetectionState <disabled | enabled> % delete system admin <system name> intrusionDetection <token | [leave empty to delete list]>
Parameter | Length/Range | Description | M/O |
---|---|---|---|
| N/A | Use this object to enable the Advanced Intrusion Detection Environment (AIDE) tool on the SBC and specify the exception list sent to the sonusSystemSecurityReportNotification trap. AIDE is a file and directory integrity checker that helps in keeping track of file properties, such as inode, permissions, modification time, file contents, etc. | O |
| N/A | Use this flag to enable/disable AIDE on the SBC.
| O |
| 0-1024 characters Pattern: (((.)){0,1024}) | Use this parameter to specify one or more tokens to exclude from the sonusSystemSecurityReportNotification trap report. Options (entries are case-sensitive):
| O |
To create a new exception list:
This deletes the existing exception list.
% set system admin <SYSTEM NAME> intrusionDetection exceptionList [ token1 token2 ]
To append token3 to the exception list:
% set system admin <SYSTEM NAME> intrusionDetection exceptionList token3
To delete one token (token1) from the exception list:
% delete system admin <SYSTEM NAME> intrusionDetection exceptionList token1
To delete all tokens (the entire exception list):
% delete system admin <SYSTEM NAME> intrusionDetection exceptionList [leave empty]