Detections
Analytics
RHEL-10-200635 - RHEL 10 must be configured so that the file integrity tool verifies extended attributes.
Information
RHEL 10 installation media ships with an optional file integrity tool called Advanced Intrusion Detection Environment (AIDE). AIDE is highly configurable at install time. This requirement assumes the "aide.conf" file is under the "/etc" directory.Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure RHEL 10 so that the file integrity tool checks file and directory extended attributes.If AIDE is installed, ensure the "xattrs" rule is present on all uncommented file and directory selection lists.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-28(1), CAT|II, CCI|CCI-002475, Rule-ID|SV-280982r1165301_rule, STIG-ID|RHEL-10-200635, Vuln-ID|V-280982
Plugin: Unix
Control ID: 1b7584c93be53c721f228a7dbae684b0ae00b6716ff102671b96764b397b6d81