1.3.5 Ensure AIDE is configured to use FIPS 140-2 - sha512

Information

The operating system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories.

Rationale:

File integrity tools use cryptographic hashes to verify that file contents and directory metadata have not been altered. These hashes must be FIPS 140-2 approved cryptographic hashes (the SHA-2 family, of which sha512 is used here); md5 is not an approved hash and must not be relied on for this purpose.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the file integrity tool to use FIPS 140-2 approved cryptographic hashes for validating file and directory contents.
If AIDE is installed, ensure the sha512 attribute is present, directly or through a named rule, on every uncommented file and directory selection line.
Example: edit /etc/aide.conf (vim /etc/aide.conf), add a rule that includes sha512, and apply that rule to the selection lines:

All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
/bin All # apply the custom rule to the files in bin
/sbin All # apply the same custom rule to the files in sbin

After changing the rules, re-initialize the database with aide --init and move the new database into place (on RHEL 7 the default paths are /var/lib/aide/aide.db.new.gz and /var/lib/aide/aide.db.gz), so that the baseline used by aide --check is recorded with sha512 hashes.
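The following is an added audit helper, not part of the STIG/CIS text and not AIDE's own tooling. It reads an aide.conf, expands named rules defined in the file, and reports every uncommented selection line whose effective attribute set lacks sha512, which is the condition this control asks you to verify. It assumes trailing "#" comments are stripped (the fix text above uses them), that negative selections ("!/path") are skipped because nothing beneath them is hashed, and that AIDE's built-in groups (R, L, E) are treated as opaque and therefore flagged unless sha512 is also listed explicitly. The sample configuration it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added audit helper: not part of the STIG/CIS text or of AIDE itself.
# Reports every uncommented AIDE selection line whose effective rule does
# not include sha512, expanding named rules defined in the same file.
# Assumptions: trailing "#" comments are stripped; "!" selections are
# skipped; built-in groups (R, L, E) are not expanded and so are flagged.

aide_sha512_check() {   # usage: aide_sha512_check /etc/aide.conf ; exit 0 = compliant
    awk '
    # Does the "+"-joined expression expr contain sha512, directly or via a named rule?
    function has_sha512(expr, depth,    n, parts, i, tok) {
        if (depth > 20) return 0                  # guard against self-referential rules
        n = split(expr, parts, /\+/)
        for (i = 1; i <= n; i++) {
            tok = parts[i]
            if (tok == "sha512") return 1
            if (tok in rules && has_sha512(rules[tok], depth + 1)) return 1
        }
        return 0
    }
    {
        line = $0
        sub(/[ \t]*#.*$/, "", line)               # strip comments
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^@@/) next      # blank lines and @@define/@@include macros
        if (line ~ /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/) {   # NAME = attr+attr (rule or option)
            name = line; sub(/[ \t]*=.*$/, "", name)
            val = line;  sub(/^[^=]*=[ \t]*/, "", val)
            rules[name] = val
            next
        }
        if (line ~ /^!/) next                     # negative selection: nothing is hashed
        if (line ~ /^=?\//) {                     # regular (/path) or equals (=/path) selection
            rule = line; sub(/^[^ \t]+[ \t]*/, "", rule)
            if (rule == "" || !has_sha512(rule, 0)) {
                print FILENAME ":" FNR ": " $0
                bad++
            }
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample config for demonstration; not a real system file.
# The /usr/lib selection uses a rule without sha512 and should be reported.
write_sample_conf() {   # usage: write_sample_conf OUTFILE
    cat > "$1" <<'EOF'
database_in=file:/var/lib/aide/aide.db.gz
# rule that includes sha512, as in the fix text
All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
Weak=p+i+n+u+g+md5
/bin All            # apply the custom rule to the files in bin
/sbin All           # apply the same custom rule to the files in sbin
/usr/lib/.*\.so$ Weak
!/var/log
EOF
}

tmp=$(mktemp -d)
write_sample_conf "$tmp/aide.conf"
if aide_sha512_check "$tmp/aide.conf"; then
    echo "all selection lines carry sha512"
else
    echo "selection lines above lack sha512; fix the rule, then re-run aide --init"
fi
rm -rf "$tmp"
```

Run it against the real file with aide_sha512_check /etc/aide.conf; a non-zero exit and the printed lines tell you which selections to fix. A plain grep for sha512 is not enough, since a line such as "/usr/lib/.*\.so$ Weak" passes grep when sha512 appears elsewhere in the file yet still hashes those libraries with md5 only.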

See Also

https://workbench.cisecurity.org/files/3636

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CCI|CCI-000366, CSCv7|14.6, Rule-ID|SV-204500r603261_rule, STIG-ID|RHEL-07-021620

Plugin: Unix

Control ID: 69a273687d04b1eecda5f1e08711919111b1b8603d2006085fc061c00968eca8