The file integrity tool must be configured to verify ACLs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22507	GEN006570	SV-37752r1_rule	ECAT-1	Low

Description
ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools.

STIG	Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide	2017-03-01

Details

Check Text ( C-36950r1_chk )
If using an Advanced Intrusion Detection Environment (AIDE), verify that the configuration contains the "ACL" option for all monitored files and directories. Procedure: Check for the default location /etc/aide/aide.conf or: # find / -name aide.conf # egrep "[+]?acl" If the option is not present. This is a finding. If using a different file integrity tool, check the configuration per tool documentation.

Check Text ( C-36950r1_chk )

If using an Advanced Intrusion Detection Environment (AIDE), verify that the configuration contains the "ACL" option for all monitored files and directories.

Procedure:
Check for the default location /etc/aide/aide.conf
or:
# find / -name aide.conf

# egrep "[+]?acl"
If the option is not present. This is a finding.

If using a different file integrity tool, check the configuration per tool documentation.

Fix Text (F-32214r1_fix)
If using AIDE, edit the configuration and add the "ACL" option for all monitored files and directories. If using a different file integrity tool, configure ACL checking per the tool's documentation.