The file integrity tool must be configured to verify ACLs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22507	GEN006570	SV-63657r1_rule		Low

Description
ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools.

STIG	Date
Oracle Linux 5 Security Technical Implementation Guide	2020-02-25

Details

Check Text ( C-52285r1_chk )
If using an Advanced Intrusion Detection Environment (AIDE), verify that the configuration contains the "ACL" option for all monitored files and directories. Procedure: Check for the default location /etc/aide/aide.conf or: # find / -name aide.conf # egrep "[+]?acl" If the option is not present. This is a finding. If using a different file integrity tool, check the configuration per tool documentation.

Check Text ( C-52285r1_chk )

If using an Advanced Intrusion Detection Environment (AIDE), verify that the configuration contains the "ACL" option for all monitored files and directories.

Procedure:
Check for the default location /etc/aide/aide.conf
or:
# find / -name aide.conf

# egrep "[+]?acl"
If the option is not present. This is a finding.

If using a different file integrity tool, check the configuration per tool documentation.

Fix Text (F-54245r2_fix)
If using AIDE, edit the configuration and add the "ACL" option for all monitored files and directories. If using a different file integrity tool, configure ACL checking per the tool's documentation.