875f635ab4
This patch gets rid of the old "special notes" section that was a dead-end in the documentation and replaces it with a brief header followed by a dynamically-generated list of tag-specific documentation. All of this sits underneath the "Hardening Domains" section. It also splits the "Deviations" documentation into its own section because it's quite important for a deployer to review. The patch also includes a link to video/slides from the Boston Summit, which provided the latest updates for the project and some background on how everything fits together. Change-Id: I1a5e78733c301335fe1bcfcee36cc146d690b841
1.2 KiB
aide - Advanced Intrusion Detection Environment
AIDE provides integrity monitoring for files on a Linux system and can notify system administrators of changes to critical files and packages.
Overview
By default, AIDE will examine and monitor all of the files on a host
unless directories are added to its exclusion list. The security role
sets directories to exclude from AIDE monitoring via the
aide_exclude_dirs variable. this list excludes the most
common directories that change very often via automated methods.
The security role skips the AIDE initialization step by default to avoid system disruption or a reduction in performance. Deployers should determine the best time to initialize the database that does not interfere with the system's operations.
To initialize the AIDE database, set the following Ansible variable and re-apply the role:
security_rhel7_initialize_aide: trueWarning
Even with the excluded directories, the first AIDE initialization can take a long time on some systems. During this time, the CPU and disks are very busy.