efbeb691a2
CentOS/RHEL have strict AIDE configs, but Ubuntu's configuration needs extra configuration. This patch adds lines to the end of Ubuntu's AIDE confgiuration to meet the requirements of RHEL-07-021600, RHEL-07-021610, and RHEL-07-021620. Documentation is included. Implements: blueprint security-rhel7-stig Change-Id: I107fa931f80d6871195027be0ed8db4105e2ddf4
15 lines
433 B
Plaintext
15 lines
433 B
Plaintext
# Rules borrowed from CentOS/RHEL AIDE configuration
|
|
# (SELinux was removed for Ubuntu compatibility.)
|
|
FIPSR = p+i+n+u+g+s+m+c+acl+xattrs+sha256
|
|
NORMAL = FIPSR+sha512
|
|
|
|
# The following two lines apply the NORMAL rule (above this line) to the
|
|
# /bin and /sbin directories to meet the requirements of two STIG controls:
|
|
#
|
|
# RHEL-07-021600 - Verify ACLs
|
|
# RHEL-07-021610 - Verify extended attributes
|
|
#
|
|
/bin NORMAL
|
|
/sbin NORMAL
|
|
|