8.5 Collect Detailed Audit Logs
Automated
Filesystem Integrity Checking
IG2
IG3
Initial Setup
Level 1
M1022
Server
T1036
T1036.002
T1036.003
T1036.004
T1036.005
T1565
T1565.001
TA0040
Workstation
6.3.2 Ensure filesystem integrity is regularly checked
Audit
Run the following command:
# systemctl list-unit-files | awk '$1~/^dailyaidecheck\.(timer|service)$/{print $1 "\t" $2}'
Example output:
static
enabled
Verify dailyaidecheck.timer is enabled and dailyaidecheck.service is either static or enabled .
Run the following command to verify dailyaidecheck.timer is active :
# systemctl is-active dailyaidecheck.timer
Run the following command to unmask dailyaidecheck.timer and dailyaidecheck.service :
# systemctl unmask dailyaidecheck.timer dailyaidecheck.service
Run the following command to enable and start dailyaidecheck.timer :
# systemctl --now enable dailyaidecheck.timer