CME-1004
AIDE / File Integrity Monitoring
Description
Detects unauthorized modifications to critical system files by comparing against a known-good baseline database. Scheduled or continuous monitoring of /etc, /bin, /sbin, /usr.
CVSS Vector Impacts
| Metric | Transition | Rationale |
|---|---|---|
| Integrity (I) | H → L | Compensating control: file modifications detected, alerting triggered |
CWE Relationships
Verification
Verify AIDE is installed and database is initialized
$ aide --check 2>/dev/null; echo $?
# Expected: 0
# Expected: 0
Platform: linux