Check: FreeBSD-10-001990
FreeBSD 10:
FreeBSD-10-001990
(in version v1 r1)
Title
The operating system must verify correct operation of all security functions. (Cat II impact)
Discussion
Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. This requirement applies to operating systems performing security function verification/testing and/or systems and environments that require this functionality.

Satisfies: SRG-OS-000445-GPOS-00199, SRG-OS-000446-GPOS-00200
Check Content
Verify the operating system verifies correct operation of all security functions. If it does not, this is a finding.

AIDE is one tool that may be used to check this. To see if AIDE is installed:

# pkg info aide
aide-0.16
Name           : aide
Version        : 0.16
Installed on   : Tue Mar 27 09:56:37 2018 UTC
Origin         : security/aide
Architecture   : FreeBSD:10:amd64
Prefix         : /usr/local
Categories     : security
Licenses       :
Maintainer     : cy@FreeBSD.org
WWW            : https://sourceforge.net/projects/aide/
Comment        : Replacement and extension for Tripwire
Annotations    :
        repo_type      : binary
        repository     : FreeBSD
Flat size      : 1.31MiB
Description    :
AIDE is Advanced Intrusion Detection Environment. This piece of software
was written as a replacement and extension for Tripwire.

WWW: https://sourceforge.net/projects/aide/

If AIDE is not installed, pkg will say "No package(s) matching aide."

To see if it runs periodically:

$ cat /etc/crontab
$ ls /etc/cron.d/*

One of these may indicate that AIDE is being run.

Review the configuration of AIDE:

$ find / -name aide.conf -print -exec cat {} \;

Other auditing software is available, such as Tripwire. Ask the system administrator if they are using an alternative system.
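An added example, not part of the STIG or of AIDE itself: a POSIX shell script that automates the three manual steps above (installed, scheduled, configured). It assumes AIDE is the verification tool in use and the FreeBSD paths named above; the helper names (aide_installed, aide_scheduled, aide_conf_sane, run_check) and the sample cron/config text are my own constructions.

```shell
#!/bin/sh
# Added example (not from the STIG): scripts the manual AIDE check.
# Each helper takes captured text as $1 so it can be run offline on
# constructed output; run_check gathers the live inputs on a FreeBSD host.

# aide_installed PKG_OUTPUT: 0 if `pkg info aide` shows an installed package.
aide_installed() {
    case "$1" in
        *"No package(s) matching"*) return 1 ;;   # pkg's not-installed message
    esac
    printf '%s\n' "$1" | grep -q '^Name *: *aide$'
}

# aide_scheduled CRON_TEXT: 0 if an uncommented cron line invokes aide.
aide_scheduled() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep -q 'aide'
}

# aide_conf_sane CONF_TEXT: 0 if aide.conf names its input database and has
# at least one path rule (lines starting with /). AIDE 0.16 uses database=,
# newer releases use database_in=; both are accepted.
aide_conf_sane() {
    printf '%s\n' "$1" | grep -Eq '^database(_in)?=' || return 1
    printf '%s\n' "$1" | grep -q '^/'
}

# run_check: collect live inputs and report in the STIG's finding wording.
run_check() {
    pkg_out=$(pkg info aide 2>&1) || true
    cron_out=$(cat /etc/crontab /etc/cron.d/* 2>/dev/null) || true
    conf_out=$(find / -name aide.conf -exec cat {} \; 2>/dev/null) || true
    aide_installed "$pkg_out"  || { echo "Finding: AIDE not installed"; return 1; }
    aide_scheduled "$cron_out" || { echo "Finding: AIDE not run periodically"; return 1; }
    aide_conf_sane "$conf_out" || { echo "Finding: aide.conf incomplete"; return 1; }
    echo "Not a finding: AIDE installed, scheduled and configured"
}

# Constructed sample (not captured from a real host) exercising the helpers.
SAMPLE_CRON='# nightly integrity check
30 4 * * * root /usr/local/bin/aide --check'
SAMPLE_CONF='database=file:/var/db/aide/aide.db
/etc p+i+n+u+g+s+b+m+c+md5+sha256'
if aide_scheduled "$SAMPLE_CRON" && aide_conf_sane "$SAMPLE_CONF"; then
    echo "sample cron/config would pass the check"
fi
if [ "${1:-}" = "--live" ]; then run_check; fi
```

Run with `--live` as root on the target host to evaluate the real system; without it the script only exercises the constructed sample.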
Fix Text
Configure the operating system to verify correct operation of all security functions.
Additional Identifiers
Rule ID:
Vulnerability ID: V-1990
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002696 | The information system verifies correct operation of organization-defined security functions. |
CCI-002699 | The information system performs verification of the correct operation of organization-defined security functions: when the system is in an organization-defined transitional state; upon command by a user with appropriate privileges; and/or on an organization-defined frequency. |
Controls
Number | Title |
---|---|
SI-6 | Security Function Verification |