WARNING:Cell <Host_Name>: Advanced Intrusion Detection Environment (AIDE) violation encountered.
(Doc ID 2685443.1)
Last updated on OCTOBER 18, 2023
Applies to:
Oracle Exadata Storage Server Software - Version 19.1.0.0.0 to 19.2.9.0.0 [Release 12.2]Linux x86-64
Symptoms
+ Customer received AIDE alert
-----------
WARNING:Cell <Host_Name>: Advanced Intrusion Detection Environment (AIDE) violation encountered.
-----------
+ Customer is running image 19.2.2.0.0.190513.2 on affected cell node.
+ Per bug 29497352 , detailed in KM note 2565481.1, AIDE alerts are generated even after disabling AIDE.
Issue is fixed in image 19.2.6 and above.
+ But, in specific customer's case, AIDE is enabled.
Changes
+ Per AIDE log (aide.log), changes were identified in files
Summary:
Total number of files: 44811
Added files: 8
Removed files: 0
Changed files: 4
---------------------------------------------------
Added files:
---------------------------------------------------
added: /bin/isdct_config.xml
added: /root/.ssh/authorized_keys
added: /root/.ssh/id_dsa
added: /root/.ssh/id_dsa.pub
added: /root/.ssh/known_hosts
added: /root/.ssh/known_hosts.old
added: /root/00
added: /usr/bin/isdct_config.xml
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /etc/hosts
changed: /etc/resolv.conf
changed: /etc/ssh/sshd_config
changed: /etc/sysctl.conf
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |