RHEL-10-200632 - RHEL 10 must use a file integrity tool that is configured to use FIPS 140-3-approved cryptographic hashes for validating file contents and directories.

Information

RHEL 10 installation media ships with an optional file integrity tool called Advanced Intrusion Detection Environment (AIDE). AIDE is highly configurable at install time. This requirement assumes the "aide.conf" file is under the "/etc" directory.

File integrity tools use cryptographic hashes for verifying that file contents and directories have not been altered. These hashes must be FIPS 140-3-approved cryptographic hashes.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure RHEL 10 so that the file integrity tool uses FIPS 140-3 cryptographic hashes for validating file and directory contents.

If AIDE is installed, ensure the "sha512" rule is present on all uncommented file and directory selection lists, and that no legacy hashes exist.

By default, AIDE excludes log files such as "/var/log" and other volatile files to reduce unnecessary notifications.

Item Details

Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Plugin: Unix

Control ID: be74f6d76cac024b7e0f8058f802aeccc51c2f361cba04502ab6fff13155b860

Detections

Analytics

RHEL-10-200632 - RHEL 10 must use a file integrity tool that is configured to use FIPS 140-3-approved cryptographic hashes for validating file contents and directories.

Information

Solution

See Also

Item Details