Detections
Analytics
AZLX-23-001060 - Amazon Linux 2023 must have the Advanced Intrusion Detection Environment (AIDE) package installed.
Information
Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.Satisfies: SRG-OS-000363-GPOS-00150, SRG-OS-000445-GPOS-00199, SRG-OS-000358-GPOS-00145
Solution
Configure Amazon Linux 2023 to have the AIDE package installed.Install AIDE with the following commands:
Install AIDE:
$ sudo dnf install -y aide
Initialize AIDE:
$ sudo /usr/sbin/aide --init
sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
Perform a manual check:
$ sudo /usr/sbin/aide --check
Example output:
2023-06-05 10:16:08 -0600 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Amazon_Linux_2023_V1R2_STIG.zip
Item Details
Audit Name: DISA Amazon Linux 2023 STIG v1r2
Category: AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
References: 800-53|AU-8b., 800-53|CM-3(5), 800-53|SI-6a., CAT|II, CCI|CCI-001744, CCI|CCI-001889, CCI|CCI-002696, Rule-ID|SV-274024r1120060_rule, STIG-ID|AZLX-23-001060, Vuln-ID|V-274024
Plugin: Unix
Control ID: 16cbce0ccef5fb8fd22262638ac3c3ae138ea046aef1ce6b3f8a7d1c6adcda10