GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.

Information

Changes in system libraries, binaries and other critical system files can indicate compromise or significant system events such as patching needing to be checked by automated processes and the results reviewed by the SA.

NOTE: The frequency may be increased to daily, if necessary, in accordance with the contingency plan.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish an automated job, scheduled to run weekly or more frequently, to run 'aide --check' which is the file integrity tool to check for unauthorized system libraries or binaries.

NOTE: The frequency may be increased to daily, if necessary, in accordance with the contingency plan.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, RISK ASSESSMENT

References: 800-53|CM-3(5), 800-53|RA-5(7), CAT|II, CCI|CCI-001069, CCI|CCI-001744, Rule-ID|SV-218192r603259_rule, STIG-ID|GEN000220, STIG-Legacy|SV-63133, STIG-Legacy|V-11945, Vuln-ID|V-218192

Plugin: Unix

Control ID: 1bcfa8d0535c726a052bd9006dc4ae5ddc353037f22688062de57bbc05636268