AlmaLinux OS 9 must use cryptographic mechanisms to protect the integrity of audit tools.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-269545 | SRG-OS-000278-GPOS-00108 | ALMA-09-056890 | SV-269545r1050428_rule | 2025-02-20 | 1 |
| Description |
|---|
| Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. Satisfies: SRG-OS-000278-GPOS-00108, SRG-OS-000257-GPOS-00098 |
| ℹ️ Check |
|---|
| Check that AIDE is properly configured to use cryptographic mechanisms to protect the integrity of the audit tools with the following command: $ grep /usr/sbin/au /etc/aide.conf /usr/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512 If AIDE is not installed, ask the system administrator (SA) how file integrity checks are performed on the system. If any of the audit tools listed above do not have a corresponding line including "sha512", ask the SA to indicate what cryptographic mechanisms are being used to protect the integrity of the audit tools. If there is no evidence of integrity protection, this is a finding. |
| ✔️ Fix |
|---|
| Add or update the following lines to "/etc/aide.conf", to protect the integrity of the audit tools: /usr/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512 /usr/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512 |