Guide to the Secure Configuration of Ubuntu 18.04
Software Integrity Checking
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
Both the AIDE (Advanced Intrusion Detection Environment) software and the RPM package management system provide mechanisms for verifying the integrity of installed software. AIDE uses snapshots of file metadata (such as hashes) and compares these to current system files in order to detect changes.
The RPM package management system can conduct integrity checks by comparing information in its metadata database with files installed on the system.
Integrity Scan Notification Email Address
Specify the email address for designated personnel if baseline configurations are changed in an unauthorized manner.
Verify Integrity with RPM
The RPM package management system includes the ability to verify the integrity of installed packages by comparing the installed files with information about the files taken from the package metadata stored in the RPM database. Although an attacker could corrupt the RPM database (analogous to attacking the AIDE database as described above), this check can still reveal modification of important files. To list which files on the system differ from what is expected by the RPM database:
$ rpm -qVa
See the man page for rpm to see a complete explanation of each column.
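The verify output above can be triaged mechanically. The following is an added example, not part of the original guide: it reads `rpm -qVa` output and reports non-configuration files whose digest changed, missing files, and files whose checks could not be performed. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage `rpm -qVa` output read from stdin.
# Each verify line is: 9 flag characters, an optional one-letter attribute
# marker (for example c = config, d = doc, g = ghost), then the file path.
# Flag column 3 is "5" when the file digest differs; "?" means a test
# could not be performed; absent files are reported as "missing".
rpm_verify_triage() {
  awk '
    {
      flags = $1
      rest = $0
      sub(/^[^ ]+ +/, "", rest)              # drop the flags column
      attr = ""
      if (rest ~ /^[a-z] +\//) {              # optional attribute marker
        attr = substr(rest, 1, 1)
        sub(/^[a-z] +/, "", rest)
      }
      if (flags == "missing") { print "MISSING\t" rest; next }
      if (flags !~ /^[SM5DLUGTP.?]+$/) next   # not a verify line
      if (attr == "c") next                   # config files are expected to be edited
      if (substr(flags, 3, 1) == "5") print "DIGEST\t" rest
      else if (index(flags, "?") > 0) print "UNREAD\t" rest
    }'
}

# Constructed sample output (not from a real system).
sample_rpm_va() {
  cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ls
.M.......    /usr/sbin/example-tool
missing     /usr/lib64/libexample.so.1
missing   c /etc/example.conf
.......T.  d /usr/share/doc/example/README
..?......    /usr/bin/sudo
EOF
}

sample_rpm_va | rpm_verify_triage
```

On a live system, pipe the real command into the function (`rpm -qVa | rpm_verify_triage`). Mode, owner and timestamp-only differences are deliberately not reported by this narrowed example and still need review.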
Verify Integrity with AIDE
1 Rule
AIDE conducts integrity checks by comparing information about files with previously-gathered information. Ideally, the AIDE database is created immediately after initial system configuration, and then again after any software update. AIDE is highly configurable, with further configuration information located in /usr/share/doc/aide-VERSION.
Configure AIDE To Notify Personnel if Baseline Configurations Are Altered
Medium Severity
The operating system file integrity tool must be configured to notify designated personnel of any changes to configurations.