CCI-001744

Install AIDE

Configure Periodic Execution of AIDE

Configure Notification of Post-AIDE Scan Details

The mailx Package Is Installed

The DataPower Gateway must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.

The Mainframe Product must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.

Nutanix AOS must notify designated personnel if baseline configurations are changed in an unauthorized manner.

Tanium must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.

The Ubuntu operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.

The Ubuntu operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.

The operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner.

IBM z/OS system administrator must develop a procedure to notify designated personnel if baseline configurations are changed in an unauthorized manner.

System files must be monitored for unauthorized changes.

Windows Server 2019 system files must be monitored for unauthorized changes.

Windows Server 2022 system files must be monitored for unauthorized changes.

The Oracle Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly.

The Oracle Linux operating system must be configured so that designated personnel are notified if baseline configurations are changed in an unauthorized manner.

The Oracle Linux operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.

The OL 8 file integrity tool must notify the System Administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.

OL 8 must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.

The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.

The Red Hat Enterprise Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly.

The Red Hat Enterprise Linux operating system must be configured so that designated personnel are notified if baseline configurations are changed in an unauthorized manner.

The Red Hat Enterprise Linux operating system must be configured to allow sending email notifications of configuration changes and adverse events to designated personnel.

RHEL 8 must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.

RHEL 9 must have the s-nail package installed.

Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly.

The SUSE operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.

RHEL 9 must have the AIDE package installed.

RHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered.

The operating system must employ automated mechanisms, per organization-defined frequency, to detect the addition of unauthorized components/devices into the operating system.

The VMM must notify designated personnel if baseline configurations are changed in an unauthorized manner.

The Photon operating system must have the auditd service running.

The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.

vCenter must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.

The Photon operating system must enable the auditd service.

The BIG-IP appliance must be configured to implement automated security responses if baseline configurations are changed in an unauthorized manner.

The s-nail Package Is Installed

Configure Systemd Timer Execution of AIDE

Configure AIDE To Notify Personnel if Baseline Configurations Are Altered

Ubuntu 22.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.

IBM Security zSecure must implement organization-defined automated security responses if baseline zSecure configurations are changed in an unauthorized manner.

SLEM 5 must use a file integrity tool to verify correct operation of all security functions.

Advanced Intrusion Detection Environment (AIDE) must verify the baseline SLEM 5 configuration at least weekly.

The TOSS file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.

The Photon operating system must configure AIDE to detect changes to baseline configurations.