Check: GEN006575
HP-UX 11.23 STIG:
GEN006575
(in version v1 r8)
Title
The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents. (Cat III impact)
Discussion
File integrity tools often use cryptographic hashes for verifying file contents have not been altered. These hashes must be FIPS 140-2 approved.
Check Content
Ask the SA if the file integrity tool is configured to monitor directories and files for sha256 or sha512 settings. If using the Advanced Intrusion Detection Environment (AIDE) tool, verify the configuration file (aide.conf) contains the xattrs option for all monitored files and directories. See the following example. # find / -type f -name aide.conf | xargs -n1 ls -lL # cat <path>/aide.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' |grep -v "^#" | \ egrep -i "sha256|sha512" If one of these option is not present, this is a finding. If using a different file integrity tool, check the configuration per tool documentation.
Fix Text
If using AIDE, edit the configuration and add the sha512 option for all monitored files and directories. If using a different file integrity tool, configure FIPS 140-2 approved cryptographic hashes per the tool's documentation.
Additional Identifiers
Rule ID: SV-35194r1_rule
Vulnerability ID: V-22509
Group Title: GEN006575
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001297 |
The information system detects unauthorized changes to software and information. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |