7.5. Configuring file integrity checks with the aide RHEL system role
You can configure Advanced Intrusion Detection Environment (AIDE) consistently across multiple systems by using the aide RHEL system role. The role automatically installs the aide package on all managed nodes.
Depending on your configuration, the aide role can perform the following actions:
- Initialize the AIDE database and store it on the control node
- Run AIDE integrity checks on the managed nodes
- Update the AIDE database and store it on the control node
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
- The account you use to connect to the managed nodes has sudo permissions for these nodes.
Procedure
1. Create a playbook file, for example, ~/playbook.yml, with the following content:

       ---
       - name: Configure system integrity
         hosts: managed-node-01.example.com
         tasks:
           - name: Configure file integrity checks with AIDE
             ansible.builtin.include_role:
               name: rhel-system-roles.aide.aide
             vars:
               aide_db_fetch_dir: files
               aide_init: true
               aide_check: false
               aide_update: false
               aide_cron_check: true
               aide_cron_interval: 0 12 * * *

   The settings specified in the example playbook include the following:

   aide_db_fetch_dir: files
       Specifies the directory on the Ansible Control Node (ACN) for storing the AIDE database fetched from the remote nodes. With the default files value, the role stores the database in the same directory as the playbook. To store the database files somewhere else, specify a different path.

   aide_check: false
       Runs an integrity check on the remote nodes.

   aide_update: false
       Updates the AIDE database and stores it on the control node.

   aide_cron_check: true
       Configures a periodic cron job that activates AIDE integrity checks on the managed nodes.

   aide_cron_interval: 0 12 * * *
       Sets the interval for the cron job in the format <minute> <hour> <day_of_month> <month> <day of week>. The value 0 12 * * * sets it to run every day at noon.

   For details about all variables used in the playbook, see the /usr/share/ansible/roles/rhel-system-roles.aide/README.md file on the control node.

2. Validate the playbook syntax:

       $ ansible-playbook --syntax-check ~/playbook.yml

   Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

3. Run the playbook:

       $ ansible-playbook ~/playbook.yml
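
The syntax check in the procedure accepts values that are valid YAML but wrong for the role, such as a cron interval with four fields. The following Python check is an added example, not part of the original documentation or of the role's code; the function names are hypothetical, and it assumes that the four aide_* switches are booleans (as in the playbook above) and that the cron fields are numeric.

```python
# Added example: pre-flight checks for the aide role variables used in the playbook.
# Assumption: the vars were already loaded into a dict, for example by a YAML parser.
BOOL_VARS = ("aide_init", "aide_check", "aide_update", "aide_cron_check")
# (min, max) for <minute> <hour> <day_of_month> <month> <day of week>
CRON_RANGES = ((0, 59), (0, 23), (1, 31), (1, 12), (0, 7))


def _field_ok(field, lo, hi):
    """Accept *, N, N-M, lists (a,b) and steps (/S); names such as MON are rejected."""
    for part in field.split(","):
        base, _, step = part.partition("/")
        if "/" in part and not (step.isdecimal() and int(step) > 0):
            return False
        if base == "*":
            continue
        start, dash, end = base.partition("-")
        bounds = [start, end] if dash else [start]
        if not all(b.isdecimal() and lo <= int(b) <= hi for b in bounds):
            return False
        if dash and int(start) > int(end):
            return False
    return True


def check_aide_vars(role_vars):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for name in BOOL_VARS:
        if name in role_vars and not isinstance(role_vars[name], bool):
            problems.append(f"{name}: expected true/false, got {role_vars[name]!r}")
    interval = role_vars.get("aide_cron_interval")
    if interval is not None:
        fields = str(interval).split()
        if len(fields) != 5:
            problems.append(f"aide_cron_interval: expected 5 fields, got {len(fields)}")
        else:
            for field, (lo, hi) in zip(fields, CRON_RANGES):
                if not _field_ok(field, lo, hi):
                    problems.append(f"aide_cron_interval: {field!r} not valid for {lo}-{hi}")
    return problems


# Constructed sample input: the values from the example playbook.
PAGE_VARS = {"aide_db_fetch_dir": "files", "aide_init": True, "aide_check": False,
             "aide_update": False, "aide_cron_check": True, "aide_cron_interval": "0 12 * * *"}

if __name__ == "__main__":
    for problem in check_aide_vars(PAGE_VARS) or ["no problems found"]:
        print(problem)
```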