Check: RHEL-06-000018
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000018
(in versions v2 r2 through v1 r14)
Title
A file integrity baseline must be created. (Cat II impact)
Discussion
For AIDE to be effective, an initial database of "known-good" information about files must be captured, and it should be possible to verify that database against the installed files.
Check Content
To find the location of the AIDE database file, run the following command:

    # grep DBDIR /etc/aide.conf

Using the defined values of the [DBDIR] and [database] variables, verify the existence of the AIDE database file:

    # ls -l [DBDIR]/[database_file_name]

If there is no database file, this is a finding.
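The check above can be scripted. The following is an added example, not part of the STIG: it assumes the stock aide.conf layout (`@@define DBDIR <dir>` plus `database=file:@@{DBDIR}/<name>`), and the function names `aide_db_path` and `check_aide_baseline` are hypothetical.

```shell
#!/bin/sh
# Added example (not STIG-supplied code). Function names are hypothetical.

# Print the baseline path named by the "database=" line of an AIDE config
# ($1, default /etc/aide.conf), expanding the @@{DBDIR} macro.
aide_db_path() {
    conf=${1:-/etc/aide.conf}
    # "@@define DBDIR /var/lib/aide" defines the macro.
    dbdir=$(awk '$1 == "@@define" && $2 == "DBDIR" { print $3; exit }' "$conf")
    # "database=file:@@{DBDIR}/aide.db.gz" is what --check reads;
    # "database_out=" (the --init output) is deliberately not matched.
    db=$(sed -n 's/^[[:space:]]*database[[:space:]]*=[[:space:]]*file:\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$conf" | head -n 1)
    [ -n "$db" ] || return 2
    macro='@@{DBDIR}'
    case $db in
        *"$macro"*) db=${db%%"$macro"*}$dbdir${db#*"$macro"} ;;
    esac
    printf '%s\n' "$db"
}

# Return 0 when the baseline exists, 1 when the check is a finding.
check_aide_baseline() {
    _db=$(aide_db_path "$1") || { echo "FINDING: no database=file: line in ${1:-/etc/aide.conf}"; return 1; }
    # Assumption beyond the STIG text: an empty file counts as missing.
    if [ -s "$_db" ]; then
        echo "PASS: baseline present: $_db"
        return 0
    fi
    echo "FINDING: no AIDE baseline at $_db"
    return 1
}

# Demo on a constructed config in a temp directory (not a real system's file).
demo=$(mktemp -d)
printf '%s\n' "@@define DBDIR $demo" 'database=file:@@{DBDIR}/aide.db.gz' \
    'database_out=file:@@{DBDIR}/aide.db.new.gz' > "$demo/aide.conf"
check_aide_baseline "$demo/aide.conf" || true   # baseline not created yet
echo placeholder > "$demo/aide.db.gz"           # stands in for "aide --init" + cp
check_aide_baseline "$demo/aide.conf"
rm -rf "$demo"
```

On a real system, call `check_aide_baseline` with no argument to evaluate /etc/aide.conf; the non-zero return makes it usable from a compliance scan wrapper.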
Fix Text
Run the following command to generate a new database:

    # /usr/sbin/aide --init

By default, the database will be written to the file "/var/lib/aide/aide.db.new.gz". Storing the database, the configuration file "/etc/aide.conf", and the binary "/usr/sbin/aide" (or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity. The newly-generated database can be installed as follows:

    # cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

To initiate a manual check, run the following command:

    # /usr/sbin/aide --check

If this check produces any unexpected output, investigate.
Additional Identifiers
Rule ID: SV-217859r603264_rule
Vulnerability ID: V-217859
Group Title: SRG-OS-000363
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-001774 | The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system. |