{"description": "By default, the <tt>acl</tt> option is added to the <tt>FIPSR</tt> ruleset in AIDE.\nIf using a custom ruleset or the <tt>acl</tt> option is missing, add <tt>acl</tt>\nto the appropriate ruleset.\nFor example, add <tt>acl</tt> to the following line in <tt>/etc/aide/aide.conf</tt>:\n<pre>FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256</pre>\nAIDE rules can be configured in multiple ways; this is merely one example that is already\nconfigured by default.\n\n\nThe remediation provided with this rule adds <tt>acl</tt> to all rule sets available in\n<tt>/etc/aide/aide.conf</tt>", "rationale": "ACLs can provide permissions beyond those permitted through the file mode and must be\nverified by the file integrity tools.", "severity": "low", "references": {"cis-csc": ["2", "3"], "cobit5": ["APO01.06", "BAI03.05", "BAI06.01", "DSS06.02"], "isa-62443-2009": ["4.3.4.4.4"], "isa-62443-2013": ["SR 3.1", "SR 3.3", "SR 3.4", "SR 3.8"], "iso27001-2013": ["A.11.2.4", "A.12.2.1", "A.12.5.1", "A.14.1.2", "A.14.1.3", "A.14.2.4"], "nist": ["SI-7", "SI-7(1)", "CM-6(a)"], "nist-csf": ["PR.DS-6", "PR.DS-8"], "srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R76"]}, "control_references": {"anssi": ["R76"]}, "components": [], "identifiers": {}, "ocil_clause": "the acl option is missing or not added to the correct ruleset", "ocil": "To determine that AIDE is verifying ACLs, run the following command:\n<pre>$ grep acl /etc/aide/aide.conf</pre>\nVerify that the <tt>acl</tt> option is added to the correct ruleset.", "oval_external_content": null, "fixtext": "Configure the file integrity tool to check file and directory ACLs.\n\nIf AIDE is installed, ensure the \"acl\" rule is present on all file and directory selection lists.", "checktext": "", "vuldiscussion": "", "srg_requirement": "The Ubuntu 22.04 file integrity tool must be configured to verify Access Control Lists (ACLs).", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must be configured so that the file integrity tool verifies Access Control Lists (ACLs).", "vuldiscussion": "Ubuntu 22.04 installation media ships with an optional file integrity tool called Advanced Intrusion Detection Environment (AIDE). AIDE is highly configurable at install time. This requirement assumes the \"aide.conf\" file is under the \"/etc\" directory.\n\nACLs can provide permissions beyond those permitted through the file mode and must be verified by the file integrity tools.", "checktext": "Verify that AIDE is verifying ACLs with the following command:\n\n$ sudo grep acl /etc/aide.conf\n\nAll= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux\n\nIf the \"acl\" rule is not being used on all uncommented selection lines in the \"/etc/aide.conf\" file, or ACLs are not being checked by another file integrity tool, this is a finding.", "fixtext": "Configure the file integrity tool to check file and directory ACLs.\n\nIf AIDE is installed, ensure the \"acl\" rule is present on all uncommented file and directory selection lists."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure AIDE to Verify Access Control Lists (ACLs)", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml", "template": null}