RHEL-06-000302 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.

Information

By default, AIDE does not install itself for periodic execution. Periodically running AIDE may reveal unexpected changes in installed files.

Solution

AIDE should be executed on a periodic basis to check for changes. To implement a daily execution of AIDE at 4:05am using cron, add the following line to /etc/crontab:

05 4 * * * root /usr/sbin/aide --check

AIDE can be executed periodically through other means; this is merely one example.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(5)(b), CAT|II, CCI|CCI-001774, Rule-ID|SV-218048r603264_rule, STIG-ID|RHEL-06-000302, STIG-Legacy|SV-50496, STIG-Legacy|V-38695, Vuln-ID|V-218048

Plugin: Unix

Control ID: d915fb064cf14bf85f87d7340336dda38425c5275d56cca53ecc934cebd1ddb9