Detections
Analytics
RHEL-08-040310 - The RHEL 8 file integrity tool must be configured to verify Access Control Lists (ACLs).
Information
ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools.Selection lines in the aide.conf file determine which files and directories AIDE will monitor for changes. They follow this format:
<path> <rules>
The <path> specifies a file, directory or wildcard pattern to monitor.
The <rules>define which attributes (hashes, permissions, timestamps, etc.) to check.
RHEL 8 installation media come with a file integrity tool, Advanced Intrusion Detection Environment (AIDE).
Solution
Configure the file integrity tool to check file and directory ACLs.If AIDE is installed, ensure the "acl" rule is present on all file and directory selection lists.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_8_V2R7_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 8 STIG v2r7
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-230552r1101902_rule, STIG-ID|RHEL-08-040310, Vuln-ID|V-230552
Plugin: Unix
Control ID: 04b54abddc0eac46e592369b18d18f5b75fca2bffa201015689f8b218ce95a96