{"description": "By default, the <tt>xattrs</tt> option is added to the <tt>FIPSR</tt> ruleset in AIDE.\nIf using a custom ruleset or the <tt>xattrs</tt> option is missing, add <tt>xattrs</tt>\nto the appropriate ruleset.\nFor example, add <tt>xattrs</tt> to the following line in <tt>/etc/aide/aide.conf</tt>:\n<pre>FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256</pre>\nAIDE rules can be configured in multiple ways; this is merely one example that is already\nconfigured by default.\n\n\nThe remediation provided with this rule adds <tt>xattrs</tt> to all rule sets available in\n<tt>/etc/aide/aide.conf</tt>", "rationale": "Extended attributes in file systems are used to contain arbitrary data and file metadata\nwith security implications.", "severity": "low", "references": {"cis-csc": ["2", "3"], "cobit5": ["APO01.06", "BAI03.05", "BAI06.01", "DSS06.02"], "isa-62443-2009": ["4.3.4.4.4"], "isa-62443-2013": ["SR 3.1", "SR 3.3", "SR 3.4", "SR 3.8"], "iso27001-2013": ["A.11.2.4", "A.12.2.1", "A.12.5.1", "A.14.1.2", "A.14.1.3", "A.14.2.4"], "nist": ["SI-7", "SI-7(1)", "CM-6(a)"], "nist-csf": ["PR.DS-6", "PR.DS-8"], "srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R76"]}, "control_references": {"anssi": ["R76"]}, "components": [], "identifiers": {}, "ocil_clause": "the xattrs option is missing or not added to the correct ruleset", "ocil": "To determine that AIDE is verifying extended file attributes, run the following command:\n<pre>$ grep xattrs /etc/aide/aide.conf</pre>\nVerify that the <tt>xattrs</tt> option is added to the correct ruleset.", "oval_external_content": null, "fixtext": "Configure the file integrity tool to check file and directory extended attributes.\n\nIf AIDE is installed, ensure the \"xattrs\" rule is present on all uncommented file and directory selection lists.", "checktext": "", "vuldiscussion": "", "srg_requirement": "The Ubuntu 22.04 file integrity tool must be configured to verify extended attributes.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must be configured so that the file integrity tool verifies extended attributes.", "vuldiscussion": "Ubuntu 22.04 installation media ships with an optional file integrity tool called Advanced Intrusion Detection Environment (AIDE). AIDE is highly configurable at install time. This requirement assumes the \"aide.conf\" file is under the \"/etc\" directory.\n\nExtended attributes in file systems are used to contain arbitrary data and file metadata with security implications.", "checktext": "Verify that AIDE is configured to verify extended attributes with the following command:\n\n$ sudo grep xattrs /etc/aide.conf\n\nAll= p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux\n\nIf the \"xattrs\" rule is not being used on all uncommented selection lines in the \"/etc/aide.conf\" file, or extended attributes are not being checked by another file integrity tool, this is a finding.", "fixtext": "Configure the file integrity tool to check file and directory extended attributes.\n\nIf AIDE is installed, ensure the \"xattrs\" rule is present on all uncommented file and directory selection lists."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure AIDE to Verify Extended Attributes", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml", "template": null}