The file integrity tool must be configured to verify ACLs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22507	GEN006570	SV-45915r1_rule		Low

Description
ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools.

STIG	Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide	2018-09-19

Details

Check Text ( C-43225r1_chk )
If using an Advanced Intrusion Detection Environment (AIDE), verify that the configuration contains the "ACL" option for all monitored files and directories. Procedure: Check for the default location /etc/aide/aide.conf or: # find / -name aide.conf # egrep "[+]?acl" If the option is not present. This is a finding. If using a different file integrity tool, check the configuration per tool documentation.

Check Text ( C-43225r1_chk )

If using an Advanced Intrusion Detection Environment (AIDE), verify that the configuration contains the "ACL" option for all monitored files and directories.

Procedure:
Check for the default location /etc/aide/aide.conf
or:
# find / -name aide.conf

# egrep "[+]?acl"
If the option is not present. This is a finding.

If using a different file integrity tool, check the configuration per tool documentation.

Fix Text (F-39295r1_fix)
If using AIDE, edit the configuration and add the "ACL" option for all monitored files and directories. If using a different file integrity tool, configure ACL checking per the tool's documentation.