Configure AIDE to Verify Extended Attributes
An XCCDF Rule
Description
By default, the xattrs
option is added to the FIPSR
ruleset in AIDE.
If using a custom ruleset or the xattrs
option is missing, add xattrs
to the appropriate ruleset.
For example, add xattrs
to the following line in /etc/aide.conf
:
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256AIDE rules can be configured in multiple ways; this is merely one example that is already configured by default. The remediation provided with this rule adds
xattrs
to all rule sets available in
/etc/aide.conf
Rationale
Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications.
- ID
- xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes
- Severity
- Low
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
if ! rpm -q --quiet "aide" ; then
dnf install -y "aide"
fi
Remediation - Ansible
- name: Gather list of packages
package_facts:
manager: auto
when:
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
- ''