The location of aide package

[rumch-se]

Hello @marcusburghardt

I think that there is an error which impacts RedHat and Suse Products, and probably others. If you check the rule aide_scan_notification - which follows DISA recommendations - you will see that it expects the location of the aide package to be in /usr/sbin/aide , but the exact location of aide is /usr/bin/aide. I did a grep with -r "/usr/sbin/aide" and there are a lot of files which use this location. There are many rules which use the variable {{{ aide_bin_path }}} which points to /usr/bin/aide, but problematic files are these in which the /usr/sbin/aide is used. I can make corrections for SUSE products, but probably you have to check for RedHat , or we need to rely on a global approach to replace everywhere /usr/sbin/aide with {{{ aide_bin_path }}}

[marcusburghardt]

Hi @rumch-se , thanks for informing about this. I believe the ideal scenario is to ensure the use of {{{ aide_bin_path }}} instead of hard-code the path in rules.