{"description": "System and software integrity can be gained by installing antivirus, increasing\nsystem encryption strength with FIPS, verifying installed software, enabling SELinux,\ninstalling an Intrusion Prevention System, etc. However, installing or enabling integrity\nchecking tools cannot <i>prevent</i> intrusions, but they can detect that an intrusion\nmay have occurred. Requirements for integrity checking may be highly dependent on\nthe environment in which the system will be used. Snapshot-based approaches such\nas AIDE may induce considerable overhead in the presence of frequent software updates.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": ["certified-vendor", "crypto", "endpoint_security_software", "fips", "software-integrity"], "rules": ["disable_prelink", "package_prelink_removed"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "System and Software Integrity", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/integrity/group.yml"}