UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must provide a near real-time alert when any of the organization defined list of compromise or potential compromise indicators occurs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38700 RHEL-06-000305 SV-50501r2_rule Medium
Description
By default, AIDE does not install itself for periodic execution. Periodically running AIDE may reveal unexpected changes in installed files.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2018-11-28

Details

Check Text ( C-46262r2_chk )
To determine that periodic AIDE execution has been scheduled, run the following command:

# grep aide /etc/crontab /etc/cron.*/*

If there is no output, this is a finding.
Fix Text (F-43649r1_fix)
AIDE should be executed on a periodic basis to check for changes. To implement a daily execution of AIDE at 4:05am using cron, add the following line to /etc/crontab:

05 4 * * * root /usr/sbin/aide --check

AIDE can be executed periodically through other means; this is merely one example.