Managing File Integrity Check
The AIDE (Advanced Intrusion Detection Environment) file and directory integrity checker is supported in Junos Space Platform. AIDE enables you to take snapshots of all the configuration files, binaries, and library statistics and to find out the changes to files or binaries if a security breach occurs. From Release 17.2R1 onward, Junos Space Platform provides you an option to enable AIDE checks from the Junos Space Platform user interface.
When the file integrity check is enabled, Junos Space Platform takes a snapshot of the files in the system and checks the files for any modifications at specified intervals. Administrators are notified of changes to the files through SNMP traps.
When the file integrity check is enabled, Junos Space Platform shows the status of the file integrity check in the System Health Report in the Administration workspace. The File Integrity Check Failed item shows No or Yes values and provides a Click link to see the details. You can also manually do a file integrity check from the Administration > Fabric page by selecting a node and clicking the Check for File Integrity option in the right-click menu.
This topic explains the following tasks:
Configuring File Integrity Check
You can enable file integrity check and specify an interval for the file integrity check from the Junos Space Platform user interface.
To configure file integrity check:
- From the Junos Space Platform user interface, go to Administration > Applications.
- Select Network Management Platform and click Modify Application Settings from the Actions menu
or the right-click menu.
The Modify Network Management Platform Settings page appears.
- Click Health Monitoring from the left pane.
The Health Monitoring page appears.
- To enable file integrity check, select the Enable
File System Intrusion Detection Monitoring check box.
You can edit the AIDE configuration file (
/etc/aide.conf) from the Junos Space Platform CLI to modify the list of files or directories to monitor.
- To specify the time interval at which Junos Space Platform
should run file integrity check, enter a value (in hours) for Interval for monitoring the File Changes in hours.
By default, Interval for monitoring the File Changes in hours is set to 24 hours.
- Click Modify to save the settings. To discard the changes, click Cancel.
Manually Checking File Integrity
You can manually initiate a file integrity check from the Junos Space Platform user interface. From the AIDE File integrity results dialog box, you can review the changes and acknowledge the changes.
To manually initiate a file integrity check:
- From the Junos Space Platform user interface, click Administration > Fabric.
- Select the node for which you want to do the file integrity
check and select Check For File Integrity from the Actions menu or the right-click menu.
The AIDE File integrity results dialog box displays the file integrity check results including total number of files, added files, removed files, and changed files.
- If you accept the changes, click Acknowledge. If you do not want to accept the changes, click Close to close the dialog box.
Alternatively, click Check Now to rerun the file integrity check.