AlmaLinux OS 9 must use cryptographic mechanisms to protect the integrity of audit tools.

An XCCDF Rule

Description

Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. Satisfies: SRG-OS-000278-GPOS-00108, SRG-OS-000257-GPOS-00098

ID: SV-269545r1050428_rule
Version: ALMA-09-056890
Severity: Medium
References: CCI-001494 CCI-001496
Updated: about 2 months ago

Remediation Templates

Add or update the following lines to "/etc/aide.conf", to protect the integrity of the audit tools:
 
/usr/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512/usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512

AlmaLinux OS 9 must use cryptographic mechanisms to protect the integrity of audit tools.

Description

Remediation Templates

A Manual Procedure