STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The SUSE operating system must notify the System Administrator (SA) when AIDE discovers anomalies in the operation of any security functions.

DISA Rule

SV-217149r603262_rule

Vulnerability Number

V-217149

Group Title

SRG-OS-000447-GPOS-00201

Rule Version

SLES-12-010510

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to notify the SA when AIDE discovers anomalies in the operation of any security functions.

Add the following command to a cron job, replacing the "[E-MAIL]" parameter (shown below as root@notareal.email) with a proper email address for the SA:

/usr/sbin/aide --check | /bin/mail -s "aide integrity check run for <system name>" root@notareal.email

Check Contents

Verify the SUSE operating system notifies the SA when AIDE discovers anomalies in the operation of any security functions.

Check to see if the aide cron job sends an email when executed with the following command:

# sudo crontab -l

0 0 * * 6 /usr/sbin/aide --check | /bin/mail -s "aide integrity check run for <system name>" root@notareal.email

If a "crontab" entry does not exist, check the cron directories for a script that runs the file integrity application and is configured to execute a binary to send an email:

# ls -al /etc/cron.daily /etc/cron.weekly

If a cron job is not configured to execute a binary to send an email (such as "/usr/bin/mail"), this is a finding.
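
The check above can be scripted. The following is an added example, not part of the STIG text: it ignores commented-out jobs, looks for an active crontab line that pipes "aide --check" into a mail binary, and otherwise falls back to scanning cron directory scripts. The function names, the list of accepted mailer names, and the sample crontab are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not STIG text): audit helper for SLES-12-010510.
# Assumption: these program names count as "a binary to send an email".
MAILERS='mail|mailx|sendmail'
AIDE_RE='(^|[[:space:]/])aide[[:space:]].*--check'

# Drop comment and blank lines so a commented-out job is not counted.
active_lines() { grep -Ev '^[[:space:]]*(#|$)' "$@" || true; }

# True if stdin (crontab format) has an active line piping "aide --check" to a mailer.
has_aide_mail_job() {
    active_lines | grep -Eq "$AIDE_RE.*\|[[:space:]]*([^[:space:]|]*/)?($MAILERS)([[:space:]]|\$)"
}

# True if a cron script runs "aide --check" and also invokes a mailer (heuristic).
script_runs_aide_and_mails() {
    active_lines "$1" | grep -Eq "$AIDE_RE" &&
        active_lines "$1" | grep -Eq "(^|[[:space:]/|;])($MAILERS)([[:space:]]|\$)"
}

# usage: aide_notify_status CRONTAB_FILE [CRON_DIR...]; returns 1 on a finding.
aide_notify_status() {
    ct=$1; shift
    if [ -r "$ct" ] && has_aide_mail_job < "$ct"; then
        echo "not a finding: crontab entry"; return 0
    fi
    for d in "$@"; do
        for f in "$d"/*; do
            [ -f "$f" ] || continue
            if script_runs_aide_and_mails "$f"; then
                echo "not a finding: $f"; return 0
            fi
        done
    done
    echo "finding: no cron job runs aide --check and sends mail"; return 1
}

# Constructed sample input: one commented-out job, then the job from the check text.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#0 0 * * 6 /usr/sbin/aide --check' \
      '0 0 * * 6 /usr/sbin/aide --check | /bin/mail -s "aide integrity check run for <system name>" root@notareal.email' > "$tmp/crontab"
    aide_notify_status "$tmp/crontab" /etc/cron.daily /etc/cron.weekly
    rc=$?; rm -rf "$tmp"; return $rc
}
demo
```

On a live system, save the output of "sudo crontab -l" to a file and pass it as the first argument. A match only shows that the job is configured; whether the mail reaches the SA still has to be confirmed separately.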

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4033

Comments