A file integrity tool must be used at least daily to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11945 | GEN000220 | SV-30005r1_rule | DCSL-1 | Medium |
| Description |
|---|
| Changes in system libraries, binaries and other critical system files can indicate compromise or significant system events such as patching needing to be checked by automated processes and the results reviewed by the SA. NOTE: This requirement only applies to MAC I systems. |
| STIG | Date |
|---|---|
| Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Details
| Check Text ( C-32783r1_chk ) |
|---|
| This will virtually always be a manual review. Determine if there is an automated job, scheduled to run daily or more frequently, to run the file integrity tool to check for unauthorized system libraries or binaries, or unauthorized modification to authorized system libraries or binaries. If there is not, this is a finding. |
| Fix Text (F-28861r1_fix) |
|---|
| Establish an automated job, scheduled to run daily or more frequently, to run the file integrity tool to check for unauthorized system libraries or binaries, or unauthorized modification to authorized system libraries or binaries. |