1.3.4 Ensure AIDE is configured to verify XATTRS

Information

The operating system must be configured so that the file integrity tool is configured to verify extended attributes.

Rationale:

Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications.

Solution

Configure the file integrity tool to check file and directory extended attributes.
If AIDE is installed, ensure the xattrs rule is present on all uncommented file and directory selection lists.
Example: vim /etc/aide.conf
add rule that includes the xattrs example:

All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
/bin All # apply the custom rule to the files in bin
/sbin All # apply the same custom rule to the files in sbin

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72071

Rule ID: SV-86695r3_rule

STIG ID: RHEL-07-021610

Severity: CAT III

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(1)

Plugin: Unix

Control ID: bde6474273904c0b2ad8dd2b533931f4d471c90a957a1385d6ae4de5ed9b9616