Configuring Advanced Intrusion Detection Environment (AIDE)
Configuring AIDE using the SmartServer System Configuration page is available with SmartServer 4.3 and higher. This feature is not available for SmartConnect.
Advanced Intrusion Detection Environment (AIDE) is an open source, Linux operating system file and directory integrity checker. Running AIDE creates a significant load on the CPU and file system and can impact system performance. In high security installations, this feature may need to enabled; otherwise, it should be disabled.
AIDE is configured in the SmartServer as follows:
SmartServer 4.6 Update 1 and Higher – defaults to disabled.
If your system security policy requires running AIDE and you want AIDE to be enabled on your system, then follow the procedure for Enabling AIDE in the Configuring AIDE for SmartServer 4.6 Update 1 and Higher section on this page.
Once AIDE has been enabled, you can disable AIDE using the SmartServer System Configuration page. Follow the procedure for Disabling AIDE in the Configuring AIDE for SmartServer 4.6 Update 1 and Higher section on this page.
SmartServer 4.6 – defaults to enabled in the SmartServer System Configuration page settings, and requires running aideinit to be fully operational.
If your system security policy requires running AIDE and you want AIDE to be enabled on your system, then follow the procedure for Enabling AIDE in the Configuring AIDE for SmartServer 4.6 section on this page.
If the AIDE process impacts system performance, or running AIDE is not required, then follow the procedure for Disabling AIDE in the Configuring AIDE for SmartServer 4.6 section on this page.
SmartServer 4.3 to 4.5 Update 2 – defaults to disabled.
If your system security policy requires running AIDE and you want AIDE to be enabled on your system, then follow the procedure for Enabling AIDE in the Configuring AIDE for SmartServer 4.3 to 4.5 Update 2 section on this page.
Once AIDE has been enabled, you can disable AIDE using the SmartServer System Configuration page. Follow the procedure for Disabling AIDE in the Configuring AIDE for SmartServer 4.3 to 4.5 Update 2 section on this page.
SmartServer 3.5 to 4.2 Update 1 – defaults to enabled in the system processes to run a daily cron job, and requires running aideinit to be fully operational.
If your system security policy requires running AIDE and you want AIDE to be enabled on your system, then follow the procedure for Enabling AIDE in the Configuring AIDE for SmartServer 3.5 to 4.2 Update 1 section on this page.
If the AIDE process impacts system performance, or running AIDE is not required, then follow the procedure for Disabling AIDE in the Configuring AIDE for SmartServer 3.5 to 4.2 Update 1 section on this page.
This section describes how to configure AIDE based on your SmartServer release and consists of the following:
- 1 Configuring AIDE for SmartServer 4.6 Update 1 and Higher
- 1.1 Enabling AIDE
- 1.2 Disabling AIDE
- 2 Configuring AIDE for SmartServer 4.6
- 2.1 Enabling AIDE
- 2.2 Disabling AIDE
- 3 Configuring AIDE for SmartServer 4.3 to 4.5 Update 2
- 3.1 Enabling AIDE
- 3.2 Disabling AIDE
- 4 Configuring AIDE for SmartServer 3.5 to 4.2 Update 1
- 4.1 Enabling AIDE
- 4.2 Disabling AIDE
Configuring AIDE for SmartServer 4.6 Update 1 and Higher
For SmartServer 4.6 Update 1 and higher, AIDE is disabled by default. Based on your system security policy, you can enable this process to run once a day.
Running AIDE can create a significant CPU and filesystem load that impacts system performance.
The procedures that follow describe how to enable/disable AIDE for SmartServer 4.6 Update 1 and higher as needed for your environment.
Enabling AIDE
To enable AIDE, perform the following steps:
Open the SmartServer Configuration page as described in Accessing the SmartServer IoT Configuration Page.
Click the System tab if needed. The System tab appears.
For SmartServer 4.6 Update 1 and higher, the Run Advanced Intrusion Detection Environment (AIDE) once per day option defaults to disabled as shown below. If this option is disabled, then continue with the next step; if this option has been enabled, then go to step #4.
Enable the Run Advanced Intrusion Detection Environment (AIDE) once per day option and click Update.
Log into the SmartServer using a console connection.
Enter the command shown below followed by the password for apollo. Once you execute this command, it can take about 45 minutes for aideinit to run.
sudo aideinitThe following message appears:
Running aide --init...Once the process finishes running, AIDE is enabled on your SmartServer.
Disabling AIDE
To disable AIDE, perform the following steps:
Open the SmartServer Configuration page as described in Accessing the SmartServer IoT Configuration Page.
Click the System tab if needed. The System tab appears with the Run Advanced Intrusion Detection Environment (AIDE) once per day option default set to enabled.
Disable the Run Advanced Intrusion Detection Environment (AIDE) once per day option and click Update.
AIDE is disabled on your SmartServer.
Configuring AIDE for SmartServer 4.6
For SmartServer 4.6, AIDE is enabled by default in the SmartServer System Configuration page settings, and requires running aideinit to be fully operational.
Running AIDE can create a significant CPU and filesystem load that impacts system performance.
The procedures that follow describe how to enable/disable AIDE for SmartServer 4.6 as needed for your environment.
Enabling AIDE
To enable AIDE, perform the following steps:
Open the SmartServer Configuration page as described in Accessing the SmartServer IoT Configuration Page.
Click the System tab if needed. The System tab appears.
For SmartServer 4.6, the Run Advanced Intrusion Detection Environment (AIDE) once per day option defaults to enabled as shown below. If this option is enabled, then go to step #4; if this option has been disabled, then continue with the next step.If the Run Advanced Intrusion Detection Environment (AIDE) once per day option has been disabled as shown below, then enable this option and click Update.
Log into the SmartServer using a console connection.
Enter the command shown below followed by the apollo password. Once you execute this command, it can take about 45 minutes for aideinit to run.
sudo aideinitThe following message appears:
Running aide --init...Once the process finishes running, AIDE is enabled on your SmartServer.
Disabling AIDE
To disable AIDE, perform the following steps:
Open the SmartServer Configuration page as described in Accessing the SmartServer IoT Configuration Page.
Click the System tab if needed. The System tab appears.
For SmartServer 4.6, the Run Advanced Intrusion Detection Environment (AIDE) once per day option defaults to enabled as shown below.Disable the Run Advanced Intrusion Detection Environment (AIDE) once per day option and click Update.
AIDE is disabled on your SmartServer.
Configuring AIDE for SmartServer 4.3 to 4.5 Update 2
For SmartServer 4.3 to 4.5 Update 2, AIDE is disabled by default. Based on your system security policy, you can enable this process to run once a day.
Running AIDE can create a significant CPU and filesystem load that impacts system performance.
The procedures that follow describe how to enable/disable AIDE for SmartServer 4.3 to 4.5 Update 2 as needed for your environment.
Enabling AIDE
To enable AIDE, perform the following steps:
Open the SmartServer Configuration page as described in Accessing the SmartServer IoT Configuration Page.
Click the System tab if needed. The System tab appears.
For SmartServer 4.3 to 4.5 Update 2, the Run Advanced Intrusion Detection Environment (AIDE) once per day option defaults to disabled as shown below. If this option is disabled, then continue with the next step; if this option has been enabled, then go to step #4.Enable the Run Advanced Intrusion Detection Environment (AIDE) once per day option and click Update.
Log into the SmartServer using a console connection.
Enter the command shown below followed by the password for apollo. Once you execute this command, it can take about 45 minutes for aideinit to run.
sudo aideinitThe following message appears:
Running aide --init...Once the process finishes running, AIDE is enabled on your SmartServer.
Disabling AIDE
To disable AIDE, perform the following steps:
Open the SmartServer Configuration page as described in Accessing the SmartServer IoT Configuration Page.
Click the System tab if needed. The System tab appears with the Run Advanced Intrusion Detection Environment (AIDE) once per day option default set to enabled.
Disable the Run Advanced Intrusion Detection Environment (AIDE) once per day option and click Update.
AIDE is disabled on your SmartServer.
Configuring AIDE for SmartServer 3.5 to 4.2 Update 1
For SmartServer 3.5 to 4.2 Update 1, AIDE is enabled by default in the system processes to run a daily cron job and requires running aideinit to be fully operational.
Running AIDE can create a significant CPU and filesystem load that impacts system performance.
The procedures that follow describe how to enable/disable AIDE for SmartServer 3.5 to 4.2 Update 1 as needed for your environment.
Enabling AIDE
To enable AIDE, perform the following steps:
Log into the SmartServer using a console connection.
If AIDE has been disabled on your system using the Disabling AIDE procedure below, then enter the command shown below; otherwise, go to step #3.
sudo chmod +x /etc/cron.daily/aideEnter the command shown below followed by the apollo password. Once you execute this command, it can take about 45 minutes for aideinit to run.
sudo aideinitThe following message appears:
Running aide --init...Once the process finishes running, AIDE is enabled on your SmartServer.
Disabling AIDE
To disable AIDE, perform the following steps:
Log into the SmartServer using a console connection.
Enter the following command:
sudo chmod -x /etc/cron.daily/aideAIDE is disabled on your SmartServer.