1.3.5 Ensure AIDE is configured to use FIPS 140-2

Information

The operating system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories.

Rationale:

File integrity tools use cryptographic hashes for verifying file contents and directories have not been altered. These hashes must be FIPS 140-2 approved cryptographic hashes.

Solution

Configure the file integrity tool to use FIPS 140-2 cryptographic hashes for validating file and directory contents.
If AIDE is installed, ensure the sha512 rule is present on all uncommented file and directory selection lists.
Example: vim /etc/aide.conf
add a rule that includes the sha512 example:

All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
/bin All # apply the custom rule to the files in bin
/sbin All # apply the same custom rule to the files in sbin

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72073

Rule ID: SV-86697r3_rule

STIG ID: RHEL-07-021620

Severity: CAT II

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Unix

Control ID: dcf16faeae5f127f552ba33b3997c436649a1202f8184cc6cdea925587dacaf5