My Oracle Support Banner

WARNING:Cell <Host_Name>: Advanced Intrusion Detection Environment (AIDE) violation encountered. (Doc ID 2685443.1)

Last updated on JULY 27, 2020

Applies to:

Oracle Exadata Storage Server Software - Version 19.1.0.0.0 to 19.2.9.0.0 [Release 12.2]
Linux x86-64

Symptoms

 + Customer received AIDE alert

-----------
WARNING:Cell <Host_Name>: Advanced Intrusion Detection Environment (AIDE) violation encountered.
-----------

+ Customer is running image 19.2.2.0.0.190513.2 on affected cell node.

+ Per bug 29497352 , detailed in KM note 2565481.1, AIDE alerts are generated even after disabling AIDE.
   Issue is fixed in image 19.2.6 and above.

+ But, in specific customer's case, AIDE is enabled.

Changes

 + Per AIDE log (aide.log), changes were identified in files

Summary:
Total number of files: 44811
Added files: 8
Removed files: 0
Changed files: 4

---------------------------------------------------
Added files:
---------------------------------------------------

added: /bin/isdct_config.xml
added: /root/.ssh/authorized_keys
added: /root/.ssh/id_dsa
added: /root/.ssh/id_dsa.pub
added: /root/.ssh/known_hosts
added: /root/.ssh/known_hosts.old
added: /root/00
added: /usr/bin/isdct_config.xml

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /etc/hosts
changed: /etc/resolv.conf
changed: /etc/ssh/sshd_config
changed: /etc/sysctl.conf

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.