Reduce configuration drift with Oracle Linux Automation Manager and Advanced Intrusion Detection Environment

May 10, 2022 | 3 minute read
Simon Hayler
Senior Technical Product Manager

Configuration drift, whether caused by the installation of a software package or by the accidental or intentional edit of a key configuration file, can cause lost productivity and downtime as engineers troubleshoot code and operating system environments trying to identify the cause of unexpected behavior. An example could be the installation of an rpm or an edit to the sshd_config file allowing root login. Configuration drift could also be a sign of a security breach. The unexpected addition of files, software, or changed configuration may be a sign of an attack, or may open the door to an attack. Identifying file system changes that should not have happened is among the best solutions for configuration drift. The use of Oracle Linux Automation Manager and AIDE is a powerful combination for addressing configuration drift.

The Advanced Intrusion Detection Environment (AIDE) is a file and directory integrity checking utility which can be an effective warning system. AIDE takes a "snapshot" of the state of the system and uses it to build a database. When an administrator wants to run an integrity test, AIDE compares the database against the current status of the system. Should a change have happened to the system between the snapshot creation and the test, AIDE will detect it and report it.
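The snapshot-then-compare model described above, as a simplified added example (not AIDE's code and not taken from the technical paper): it records a SHA-256 hash, permission bits and size per file, then reports added, removed and changed files. The directory tree, file names and the `snapshot`, `compare` and `demo` functions are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Build the baseline 'database': relative path -> (sha256, mode bits, size)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # this simplified model tracks regular files only
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(full, root)] = (digest, stat.S_IMODE(st.st_mode), st.st_size)
    return db

def compare(baseline, current):
    """Report drift between a stored baseline and the current state."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree: take a baseline, then introduce three kinds of drift."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "ssh"))
        cfg, motd = os.path.join(root, "ssh", "sshd_config"), os.path.join(root, "motd")
        with open(cfg, "w") as fh:
            fh.write("PermitRootLogin no\n")
        with open(motd, "w") as fh:
            fh.write("welcome\n")
        baseline = snapshot(root)
        clean = compare(baseline, snapshot(root))  # nothing changed yet
        with open(cfg, "w") as fh:  # drift 1: edited configuration file
            fh.write("PermitRootLogin yes\n")
        with open(os.path.join(root, "extra.rpm"), "w") as fh:  # drift 2: new file
            fh.write("constructed placeholder\n")
        os.remove(motd)  # drift 3: deleted file
        return clean, compare(baseline, snapshot(root))

if __name__ == "__main__":
    clean, drift = demo()
    print("before changes:", clean)
    print("after changes: ", drift)
```

A real integrity checker also has to protect the baseline database itself, since a baseline that can be rewritten on the monitored host no longer proves anything.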

Oracle Linux Automation Manager and Oracle Linux Automation Engine are the latest additions to the Oracle Linux operating environment. Together, they provide a cost-effective, powerful, scalable, and secure infrastructure automation framework for enterprise environments. Additionally, they enable infrastructure as code, streamlining software provisioning, configuration management, and application deployment, which in turn reduces deployment errors and the time to resolve problems, and increases compliance with security, privacy, and other policies. Oracle Linux Automation Manager and Engine, based upon the open source AWX and Ansible projects respectively, are included with an Oracle Linux Premier Support subscription.

Using the Advanced Intrusion Detection Environment along with Oracle Linux Automation Manager provides the following benefits:

  • Automated, repeatable, error-free, and idempotent install of the initial baseline configuration
  • Scheduled, cadence-based, repeating report of inconsistencies
  • Easily updated baseline for planned configuration changes
  • Simple fixing of reported issues using playbooks, for example to reset firewalls or set back configuration files

In this technical paper you will find examples of how to use the Advanced Intrusion Detection Environment with Oracle Linux Automation Manager to install, configure, create baselines, and run detection reports.

Oracle Linux downloads

Individual RPM packages are available on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images are available from the Oracle Linux yum server and Oracle Software Delivery Cloud, and container images are available via Oracle Container Registry, GitHub Container Registry, and Docker Hub.

Oracle Linux can be downloaded, used, and distributed free of charge and all updates and errata are freely available. Customers decide which of their systems require a support subscription. This makes Oracle Linux an ideal choice for development, testing, and production systems, since support coverage can be optimized for each individual system, while keeping all systems up to date and secure.


Simon is a Technical Product Manager responsible for the integration of Oracle VM Server and the Private Cloud Appliance with Oracle Enterprise Manager. Simon has 27 plus years in the IT industry and came to Oracle from Sun Microsystems.

