1.3.3 Ensure AIDE is configured to verify ACLs

Information

The operating system must be configured so that the file integrity tool is configured to verify Access Control Lists (ACLs).

Rationale:

ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the file integrity tool to check file and directory ACLs.
If AIDE is installed, ensure the acl rule is present on all uncommented file and directory selection lists.
Example: vim /etc/aide.conf
add a rule that includes the acl example:

All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
/bin All # apply the custom rule to the files in bin
/sbin All # apply the same custom rule to the files in sbin

Notes:

This checks for aide.conf in the default location. If aide.conf is in a different location, manually confirm that the setting(s) are correct.

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72069

Rule ID: SV-86693r3_rule

STIG ID: RHEL-07-021600

Severity: CAT III

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv7|14.6

Plugin: Unix

Control ID: da3165cc5d0bf2a79cfa0a05157d3ec90cac3be01f562b046fc515bb9cd65dde