← Rules Catalog
mediumfilesystemverified

Ensure the file integrity tool verifies Access Control Lists

aide-acl-check · RHEL ≥ 8 · 1 impl

Description

The AIDE file integrity tool must be configured to verify Access Control Lists (ACLs) on monitored files and directories.

Rationale

Without ACL verification, an attacker could modify file ACLs to grant unauthorized access without triggering file integrity alerts. Including ACL checks in AIDE ensures that any modification to access permissions is detected.

Check → Remediate

Checkcommand
# Check if AIDE is configured with acl option
if grep -qiE 'acl' /etc/aide.conf /etc/aide.d/*.conf 2>/dev/null; then
  echo "OK: AIDE is configured to verify ACLs"
  exit 0
fi
echo "FAIL: AIDE is not configured to verify ACLs"
exit 1
expected_exit:
0
Remediatemanual
note:
Add 'acl' to the AIDE check groups in /etc/aide.conf. For example, add to your NORMAL or PERMS rule set: PERMS = p+i+u+g+acl+xattrs+sha256 Then reinitialize the AIDE database: aide --init

Framework references

STIG

V-280981 / RHEL-10-200634V-258138 / RHEL-09-651030V-230552

NIST 800-53

AU-7CM-3SI-7

Live verification

rhel8:checkrhel9:check
#aide#file-integrity#acl#security