mediumfilesystemverified ✓
Ensure the file integrity tool verifies Access Control Lists
aide-acl-check · RHEL ≥ 8 · 1 impl
Description
The AIDE file integrity tool must be configured to verify Access Control Lists (ACLs) on monitored files and directories.
Rationale
Without ACL verification, an attacker could modify file ACLs to grant unauthorized access without triggering file integrity alerts. Including ACL checks in AIDE ensures that any modification to access permissions is detected.
Check → Remediate
Checkcommand
# Check if AIDE is configured with acl option if grep -qiE 'acl' /etc/aide.conf /etc/aide.d/*.conf 2>/dev/null; then echo "OK: AIDE is configured to verify ACLs" exit 0 fi echo "FAIL: AIDE is not configured to verify ACLs" exit 1
- expected_exit:
- 0
Remediatemanual
- note:
- Add 'acl' to the AIDE check groups in /etc/aide.conf. For example, add to your NORMAL or PERMS rule set: PERMS = p+i+u+g+acl+xattrs+sha256 Then reinitialize the AIDE database: aide --init
Framework references
STIG
V-280981 / RHEL-10-200634V-258138 / RHEL-09-651030V-230552
NIST 800-53
AU-7CM-3SI-7
Live verification
rhel8:checkrhel9:check
#aide#file-integrity#acl#security