Detections
Analytics

CSCv6|3.5

Title

Use file integrity checking tools to ensure that critical system files have not been altered.

Description

Use file integrity checking tools to ensure that critical system files (including sensitive system and application executables, libraries, and configurations) have not been altered. The reporting system should: have the ability to account for routine and expected changes; highlight and alert on unusual or unexpected alterations; show the history of configuration changes over time and identify who made the change (including the original logged-in account in the event of a user ID switch, such as with the su or sudo command). These integrity checks should identify suspicious system alterations such as: owner and permissions changes to files or directories; the use of alternate data streams which could be used to hide malicious activities; and the introduction of extra files into key system areas (which could indicate malicious payloads left by attackers or additional files inappropriately added during batch distribution processes).

Reference Item Details

Category: Secure Configurations for Hardware and Software

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2.32 Set 'Audit Policy: Policy Change: Audit Policy Change' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.55 Set 'Audit Policy: Policy Change: Authentication Policy Change' to 'Success'WindowsCIS Windows 8 L1 v1.0.0
1.3.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Debian 8 Workstation L1 v2.0.2
1.3.1 Ensure AIDE is installedUnixCIS Distribution Independent Linux Server L1 v2.0.0
1.3.1 Ensure AIDE is installedUnixCIS Debian 8 Server L1 v2.0.2
1.3.1 Ensure AIDE is installedUnixCIS Distribution Independent Linux Workstation L1 v2.0.0
1.3.1 Ensure AIDE is installed - aideUnixCIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.3.1 Ensure AIDE is installed - aideUnixCIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.3.1 Ensure AIDE is installed - aideUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.3.1 Ensure AIDE is installed - aideUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.3.1 Ensure AIDE is installed - aide-commonUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.3.1 Ensure AIDE is installed - aide-commonUnixCIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.3.1 Ensure AIDE is installed - aide-commonUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.3.1 Ensure AIDE is installed - aide-commonUnixCIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS CentOS 6 Server L1 v3.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian 8 Server L1 v2.0.2
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Red Hat 6 Server L1 v3.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS CentOS 6 Workstation L1 v3.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Amazon Linux v2.1.0 L1
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian 8 Workstation L1 v2.0.2
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Distribution Independent Linux Server L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Distribution Independent Linux Workstation L1 v2.0.0
1.4.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.4.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.4.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
1.4.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.4.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.4.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
1.5.1 Ensure prelink is disabledUnixCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
1.5.3 Ensure prelink is disabledUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.5.3 Ensure prelink is disabledUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.5.4 Ensure prelink is disabledUnixCIS Amazon Linux v2.1.0 L1
1.5.4 Ensure prelink is disabledUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.5.4 Ensure prelink is disabledUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.5.4 Ensure prelink is disabledUnixCIS CentOS 6 Workstation L1 v3.0.0
1.5.4 Ensure prelink is disabledUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.5.4 Ensure prelink is disabledUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.5.4 Ensure prelink is disabledUnixCIS CentOS 6 Server L1 v3.0.0
1.5.4 Ensure prelink is disabledUnixCIS Debian 8 Server L1 v2.0.2