SV-227955r603266_rule
V-227955
SRG-OS-000278
GEN006575
CAT III
10
If using AIDE, edit the configuration and add the sha256 or sha512 option for all monitored files and directories.
If using a different file integrity tool, configure FIPS 140-2 approved cryptographic hashes per the tool's documentation.
If using AIDE, verify the configuration contains the sha256 or sha512 options for all monitored files and directories. Here is an example AIDE configuration fragment.
SampleRule = p+i+l+n+u+g+s+m+c+acl+xattrs+sha256
/bin SampleRule
If either the sha256 or sha512 option is not present, this is a finding.
If using a different file integrity tool, check the configuration per tool documentation.
V-227955
False
GEN006575
If using AIDE, verify the configuration contains the sha256 or sha512 options for all monitored files and directories. Here is an example AIDE configuration fragment.
SampleRule = p+i+l+n+u+g+s+m+c+acl+xattrs+sha256
/bin SampleRule
If either the sha256 or sha512 option is not present, this is a finding.
If using a different file integrity tool, check the configuration per tool documentation.
M
4061