The operating system must ensure unauthorized, security-relevant configuration changes detected are tracked.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-219576 | OL6-00-000307 | SV-219576r793833_rule | Medium |
| Description |
|---|
| By default, AIDE does not install itself for periodic execution. Periodically running AIDE may reveal unexpected changes in installed files. |
| STIG | Date |
|---|---|
| Oracle Linux 6 Security Technical Implementation Guide | 2021-12-03 |
Details
| Check Text ( C-21301r358268_chk ) |
|---|
| To determine that periodic AIDE execution has been scheduled, run the following command: # grep aide /etc/crontab /etc/cron.*/* If there is no output, this is a finding. |
| Fix Text (F-21300r358269_fix) |
|---|
| AIDE should be executed on a periodic basis to check for changes. To implement a daily execution of AIDE at 4:05am using cron, add the following line to /etc/crontab: 05 4 * * * root /usr/sbin/aide --check AIDE can be executed periodically through other means; this is merely one example. |