Rule ID
SV-274024r1190697_rule
Version
V1R3
CCIs
CCI-001744, CCI-002696, CCI-001889
If security functions are not verified, they may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. Satisfies: SRG-OS-000363-GPOS-00150, SRG-OS-000445-GPOS-00199, SRG-OS-000358-GPOS-00145
Verify Amazon Linux 2023 has the AIDE package installed with the following command: $ dnf list --installed aide Installed Packages aide.x86_64 0.18.6-1.amzn2023.0.1 @amazonlinux If AIDE is not installed, ask the system administrator (SA) how file integrity checks are performed on the system. If there is no application installed to perform integrity checks, this is a finding. If AIDE is installed, check if it has been initialized with the following command: $ sudo /usr/sbin/aide --check If the output is "Couldn't open file /var/lib/aide/aide.db.gz for reading", this is a finding.
Configure Amazon Linux 2023 to have the AIDE package installed. Install AIDE: $ sudo dnf install -y aide Initialize AIDE: $ sudo /usr/sbin/aide --init The new database must be renamed to be read by AIDE: $ sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz Perform a manual check: $ sudo /usr/sbin/aide --check Example output: 2023-06-05 10:16:08 -0600 (AIDE 0.16) AIDE found NO differences between database and filesystem. Looks okay!!