Rule ID
SV-254188r958794_rule
Version
V1R2
CCIs
Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configurations can have unintended side effects, some of which may be relevant to security. Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the operating system. The operating system's ISSO and SAs must be notified via email and/or monitoring system trap when there is an unauthorized modification of a configuration item.
Confirm that Nutanix AOS has been set to have the Advanced Intrusion Detection Environment (AIDE) installed and enabled. $ sudo yum list installed aide Installed Packages aide.x86_64 If the aide_x86_64 package is not installed, this is a finding. Check for the presence of a cron job running daily or weekly on the system that executes AIDE daily to scan for changes to the system baseline. Check the cron directories for a script file controlling the execution of the file integrity application. For example, if AIDE is installed on the system, use the following command: $ sudo ls -al /etc/cron.* | grep aide If the file integrity application does not exist, or a script file controlling the execution of the file integrity application does not exist, this is a finding.
Configure AIDE on Nutanix AOS by running the following command: $ ncli cluster edit-cvm-security-params enable-aide=true