SLEM 5 file integrity tool must be configured to verify Access Control Lists (ACLs).
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-261404 | SRG-OS-000480-GPOS-00227 | SLEM-05-651015 | SV-261404r996629_rule | 2024-06-04 | 1 |
| Description |
|---|
| ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools. |
| ℹ️ Check |
|---|
| Verify that SLEM 5 file integrity tool is configured to verify extended attributes. > sudo grep acl /etc/aide.conf All= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux If the "acl" rule is not being used on all selection lines in the "/etc/aide.conf" file, or extended attributes are not being checked by another file integrity tool, this is a finding. |
| ✔️ Fix |
|---|
| Configure SLEM 5 file integrity tool to check file and directory ACLs. If AIDE is installed, ensure the "acl" rule is present on all file and directory selection lists. |