On 5/1/12 7:18 PM, Willy Santos wrote:
CCI-001297 requires teh detection of unauthorized changes to software
and information, aide_periodic_cron_checking meets this requirement.
Signed-off-by: Willy Santos<wsantos(a)redhat.com>
---
rhel6/src/input/system/software/integrity.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rhel6/src/input/system/software/integrity.xml
b/rhel6/src/input/system/software/integrity.xml
index 902ad8f..5fd76c2 100644
--- a/rhel6/src/input/system/software/integrity.xml
+++ b/rhel6/src/input/system/software/integrity.xml
@@ -92,7 +92,7 @@ AIDE can be executed periodically through other means; this is merely
one exampl
By default, AIDE does not install itself for periodic execution. Periodically
running AIDE may reveal unexpected changes in installed files.
</rationale>
-<ref nist="CM-6, SC-28, SI-7" disa="416"/>
+<ref nist="CM-6, SC-28, SI-7" disa="416,1297"/>
</Rule>
<Rule id="aide_verify_integrity_manually">
Nack
Associating this with only aide_periodic_cron_checking could lead one to
believe they only have to install aide and throw it into a cron job,
versus stepping through the other rules in the section. I'd rather see
this associated with the overall aide group vs a specific rule.