An error occurred:

Check: RHEL-06-000303

Red Hat Enterprise Linux 6 STIG: RHEL-06-000303 (in versions v2 r2 through v1 r14)

Title

The operating system must employ automated mechanisms, per organization defined frequency, to detect the addition of unauthorized components/devices into the operating system. (Cat II impact)

Discussion

By default, AIDE does not install itself for periodic execution. Periodically running AIDE may reveal unexpected changes in installed files.

Check Content

To determine that periodic AIDE execution has been scheduled, run the following command: # grep aide /etc/crontab /etc/cron.*/* If there is no output, this is a finding.

Fix Text

AIDE should be executed on a periodic basis to check for changes. To implement a daily execution of AIDE at 4:05am using cron, add the following line to /etc/crontab: 05 4 * * * root /usr/sbin/aide --check AIDE can be executed periodically through other means; this is merely one example.

Additional Identifiers

Rule ID: SV-218049r603264_rule

Vulnerability ID: V-218049

Group Title: SRG-OS-000363

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000416

The organization employs automated mechanisms, per organization-defined frequency, to detect the presence of unauthorized hardware, software, and firmware components within the information system.
CCI-001774

The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-7 (5)

Authorized Software / Whitelisting
CM-8 (3)

Automated Unauthorized Component Detection