Vulnerability Discussion

Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.

Satisfies: SRG-OS-000363-GPOS-00150, SRG-OS-000445-GPOS-00199, SRG-OS-000358-GPOS-00145

Check

Verify Amazon Linux 2023 has the AIDE package installed with the following command:

$ dnf list --installed aide
Installed Packages
aide.x86_64 0.18.6-1.amzn2023.0.1 @amazonlinux

If AIDE is not installed, ask the system administrator (SA) how file integrity checks are performed on the system.

If there is no application installed to perform integrity checks, this is a finding.

If AIDE is installed, check if it has been initialized with the following command:

$ sudo /usr/sbin/aide --check

If the output is "Couldn't open file /var/lib/aide/aide.db.gz for reading", this is a finding.

Fix

Configure Amazon Linux 2023 to have the AIDE package installed.

Install AIDE with the following commands:

Install AIDE:

$ sudo dnf install -y aide

Initialize AIDE:

$ sudo /usr/sbin/aide --init

sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Perform a manual check:

$ sudo /usr/sbin/aide --check
Example output:

2023-06-05 10:16:08 -0600 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!