UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A file integrity baseline must be created.


Overview

Finding ID Version Rule ID IA Controls Severity
V-59353 OL6-00-000018 SV-73783r1_rule Medium
Description
For AIDE to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.
STIG Date
Oracle Linux 6 Security Technical Implementation Guide 2018-03-01

Details

Check Text ( C-60133r1_chk )
To find the location of the AIDE database file, run the following command:

# grep DBDIR /etc/aide.conf

Using the defined values of the [DBDIR] and [database] variables, verify the existence of the AIDE database file:

# ls -l [DBDIR]/[database_file_name]

If there is no database file, this is a finding.
Fix Text (F-64753r1_fix)
Run the following command to generate a new database:

# /usr/sbin/aide --init

By default, the database will be written to the file "/var/lib/aide/aide.db.new.gz". Storing the database, the configuration file "/etc/aide.conf", and the binary "/usr/sbin/aide" (or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity. The newly-generated database can be installed as follows:

# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

To initiate a manual check, run the following command:

# /usr/sbin/aide --check

If this check produces any unexpected output, investigate.