Configure AIDE to Verify Access Control Lists (ACLs)
An XCCDF Rule
Description
By default, the acl
option is added to the FIPSR
ruleset in AIDE.
If using a custom ruleset or the acl
option is missing, add acl
to the appropriate ruleset.
For example, add acl
to the following line in /etc/aide.conf
:
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256AIDE rules can be configured in multiple ways; this is merely one example that is already configured by default. The remediation provided with this rule adds
acl
to all rule sets available in
/etc/aide.conf
Rationale
ACLs can provide permissions beyond those permitted through the file mode and must be verified by the file integrity tools.
- ID
- xccdf_org.ssgproject.content_rule_aide_verify_acls
- Severity
- Low
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
if ! rpm -q --quiet "aide" ; then
dnf install -y "aide"
fi
Remediation - Ansible
- name: Gather list of packages
package_facts:
manager: auto
when:
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
- ''