Check: OL6-00-000304
Oracle Linux 6 STIG:
OL6-00-000304
(in versions v2 r7 through v1 r9)
Title
The operating system must employ automated mechanisms to detect the presence of unauthorized software on organizational information systems and notify designated organizational officials in accordance with the organization defined frequency. (Cat II impact)
Discussion
By default, AIDE does not install itself for periodic execution. Periodically running AIDE may reveal unexpected changes in installed files.
Check Content
To determine that periodic AIDE execution has been scheduled, run the following command: # grep aide /etc/crontab /etc/cron.*/* If there is no output, this is a finding.
Fix Text
AIDE should be executed on a periodic basis to check for changes. To implement a daily execution of AIDE at 4:05am using cron, add the following line to /etc/crontab: 05 4 * * * root /usr/sbin/aide --check AIDE can be executed periodically through other means; this is merely one example.
Additional Identifiers
Rule ID: SV-219573r854349_rule
Vulnerability ID: V-219573
Group Title: SRG-OS-000363
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001069 |
The organization employs automated mechanisms to detect the presence of unauthorized software on organizational information systems and notify designated organizational officials in accordance with the organization-defined frequency. |
CCI-001744 |
The information system implements organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner. |
Controls
Number | Title |
---|---|
CM-3 (5) |
Automated Security Response |