GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes.

Information

Changes in system libraries, binaries and other critical system files can indicate compromise or significant system events such as patching needing to be checked by automated processes and the results reviewed by the SA.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish an automated job, scheduled to run weekly or more frequently, to run 'aide --check' which is the file integrity tool to check for unauthorized system libraries or binaries.

NOTE: The frequency may be increased to daily, if necessary, in accordance with the contingency plan.

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: RISK ASSESSMENT

References: 800-53|RA-5(7), CAT|II, CCI|CCI-001069, Group-ID|V-11945, Rule-ID|SV-38178r3_rule, STIG-ID|GEN000220, Vuln-ID|V-11945

Plugin: Unix

Control ID: d55185a030792bf1e1c3352129904387b290caf30fbb7a3f7387c4de7684b385