The file integrity tool must be configured to verify extended attributes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22508	GEN006571	SV-37753r1_rule	ECAT-1	Low

Description
Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications.

STIG	Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide	2015-06-12

Details

Check Text ( C-36951r1_chk )
If using an Advanced Intrusion Detection Environment (AIDE), verify the configuration contains the "xattrs" option for all monitored files and directories. Procedure: Check for the default location /etc/aide/aide.conf or: # find / -name aide.conf # egrep "[+]?xattrs" If the option is not present. This is a finding. If using a different file integrity tool, check the configuration per tool documentation.

Check Text ( C-36951r1_chk )

If using an Advanced Intrusion Detection Environment (AIDE), verify the configuration contains the "xattrs" option for all monitored files and directories.

Procedure:
Check for the default location /etc/aide/aide.conf
or:
# find / -name aide.conf

# egrep "[+]?xattrs"
If the option is not present. This is a finding.
If using a different file integrity tool, check the configuration per tool documentation.

Fix Text (F-32215r1_fix)
If using AIDE, edit the configuration and add the "xattrs" option for all monitored files and directories. If using a different file integrity tool, configure extended attributes checking per the tool's documentation.