Detections
Analytics
RHEL-06-000018 - A file integrity baseline must be created.
Information
For AIDE to be effective, an initial database of 'known-good' information about files must be captured and it should be able to be verified against the installed files.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Run the following command to generate a new database:# /usr/sbin/aide --init
By default, the database will be written to the file '/var/lib/aide/aide.db.new.gz'. Storing the database, the configuration file '/etc/aide.conf', and the binary '/usr/sbin/aide' (or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity. The newly-generated database can be installed as follows:
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
To initiate a manual check, run the following command:
# /usr/sbin/aide --check
If this check produces any unexpected output, investigate.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R2_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 6 STIG v2r2
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7(5)(b), CAT|II, CCI|CCI-001774, Rule-ID|SV-217859r603264_rule, STIG-ID|RHEL-06-000018, STIG-Legacy|SV-65601, STIG-Legacy|V-51391, Vuln-ID|V-217859
Plugin: Unix
Control ID: f3ddc98338e29074bdfed5ba905815dd7e53ba67c96cede8621da1169a356679