STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide, Version: 1, Release: 13, Benchmark Date: 26 Oct 2018

The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents.

DISA Rule

SV-63653r1_rule

Vulnerability Number

V-22509

Group Title

GEN006575

Rule Version

GEN006575

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

If using AIDE, edit the configuration and add the "sha512" option for all monitored files and directories.

If using a different file integrity tool, configure FIPS 140-2 approved cryptographic hashes per the tool's documentation.

Check Contents

If using an Advanced Intrusion Detection Environment (AIDE), verify the configuration contains the "sha256" or "sha512" options for all monitored files and directories.

Procedure:
Check for the default location /etc/aide/aide.conf
or:
# find / -name aide.conf

# egrep "[+]?(sha256|sha512)" <aide.conf file>
If one of these options is not present, this is a finding.

If using a different file integrity tool, check the configuration per tool documentation.
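
Added example, not part of the STIG text or of AIDE: the egrep above shows which lines mention the hashes, while the requirement covers all monitored files and directories, so this Python check resolves each selection line's groups and reports paths with neither sha256 nor sha512. Assumptions: a simplified aide.conf grammar (group definitions, selection lines, "!" exclusions; "@@" macro lines are skipped, not evaluated), the built-in group contents listed in the code, hypothetical function names, and a constructed sample configuration.

```python
import re

APPROVED = {"sha256", "sha512"}  # the options named in the check text

# Predefined groups. Attribute lists are an assumption based on older AIDE
# releases (ACL/SELinux/xattr attributes omitted). Note that R carries md5 only.
BUILTIN = {
    "R": set("pinugsmc") | {"md5"},
    "L": set("pinug"),
    "E": set(),
    ">": set("pugin") | {"S"},
}

def expand(expr, groups):
    """Resolve an expression such as 'R+sha512-md5' to a set of attributes."""
    attrs = set()
    for sign, name in re.findall(r"([+-]?)([^+\-\s]+)", expr):
        resolved = groups.get(name, {name})
        attrs = attrs - resolved if sign == "-" else attrs | resolved
    return attrs

def unapproved_selections(conf_text):
    """Return (line number, path) for selection lines lacking sha256/sha512."""
    groups = {k: set(v) for k, v in BUILTIN.items()}
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(("@@", "!")):
            continue  # blank, macro directive, or excluded path
        if line.startswith(("/", "=/")):
            parts = line.split(None, 1)
            expr = parts[1] if len(parts) > 1 else ""
            if not (expand(expr, groups) & APPROVED):
                findings.append((lineno, parts[0].lstrip("=")))
        elif "=" in line:  # group definition (or a config option, never referenced)
            name, expr = line.split("=", 1)
            groups[name.strip()] = expand(expr, groups)
    return findings

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
# constructed sample aide.conf
database=file:/var/lib/aide/aide.db.gz
NORMAL = R+sha512
WEAK = p+i+n+u+g+md5+sha1
LOGS = >
/etc NORMAL
/bin WEAK
!/var/log/.*
/var/log LOGS
=/home R-md5+sha256
/usr R
"""

if __name__ == "__main__":
    for lineno, path in unapproved_selections(SAMPLE):
        print(f"finding: line {lineno}: {path} has no sha256/sha512")
```

The egrep from the procedure matches lines 3 and 10 of this sample, yet /bin, /var/log and /usr are still monitored without an approved hash.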

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments