STIGQter STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The operating system must employ automated mechanisms, per organization defined frequency, to detect the addition of unauthorized components/devices into the operating system.

DISA Rule

SV-219572r603263_rule

Vulnerability Number

V-219572

Group Title

SRG-OS-000363

Rule Version

OL6-00-000303

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

AIDE should be executed on a periodic basis to check for changes. To implement a daily execution of AIDE at 4:05am using cron, add the following line to /etc/crontab:

05 4 * * * root /usr/sbin/aide --check

AIDE can be executed periodically through other means; this is merely one example.

Check Contents

To determine that periodic AIDE execution has been scheduled, run the following command:

# grep aide /etc/crontab /etc/cron.*/*

If there is no output, this is a finding.

Vulnerability Number

V-219572

Documentable

False

Rule Version

OL6-00-000303

Severity Override Guidance

To determine that periodic AIDE execution has been scheduled, run the following command:

# grep aide /etc/crontab /etc/cron.*/*

If there is no output, this is a finding.

Check Content Reference

M

Target Key

2928

Comments