An error occurred:

Check: AZLX-23-001060

Amazon Linux 2023 STIG: AZLX-23-001060 (in version v1 r1)

Title

Amazon Linux 2023 must have the Advanced Intrusion Detection Environment (AIDE) package installed. (Cat II impact)

Discussion

Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. Satisfies: SRG-OS-000363-GPOS-00150, SRG-OS-000445-GPOS-00199, SRG-OS-000358-GPOS-00145

Check Content

Verify Amazon Linux 2023 has the AIDE package installed with the following command: $ dnf list --installed aide Installed Packages aide.x86_64 0.18.6-1.amzn2023.0.1 @amazonlinux If AIDE is not installed, ask the system administrator (SA) how file integrity checks are performed on the system. If there is no application installed to perform integrity checks, this is a finding. If AIDE is installed, check if it has been initialized with the following command: $ sudo /usr/sbin/aide --check If the output is "Couldn't open file /var/lib/aide/aide.db.gz for reading", this is a finding.

Fix Text

Configure Amazon Linux 2023 to have the AIDE package installed. Install AIDE with the following commands: Install AIDE: $ sudo dnf install -y aide Initialize AIDE: $ sudo /usr/sbin/aide --init sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz Perform a manual check: $ sudo /usr/sbin/aide --check Example output: 2023-06-05 10:16:08 -0600 (AIDE 0.16) AIDE found NO differences between database and filesystem. Looks okay!!

Additional Identifiers

Rule ID: SV-274024r1120060_rule

Vulnerability ID: V-274024

Group Title: SRG-OS-000363-GPOS-00150

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001744

Implement organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner.
CCI-001889

Record time stamps for audit records that meet organization-defined granularity of time measurement.
CCI-002696

Verify correct operation of organization-defined security functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-8

Time Stamps
CM-3(5)

Automated Security Response
SI-6

Security and Privacy Function Verification