Do STIGs force implementation?
by scottieH from LinuxQuestions.org on (#5HYBF)
I'm running RHEL 7.9. Here's an example of what I'm asking:
RHEL-07-020040 V-71975
https://www.stigviewer.com/stig/red_...inding/V-71975
Designated personnel must be notified if baseline configurations are changed in an unauthorized manner.
Basically, this is saying that any aide findings need to be emailed to "designated personnel"
Code:AIDE does not have a configuration that will send a notification, so the cron job uses the mail application on the system to email the results of the file integrity run as in the following example:
# more /etc/cron.daily/aide
0 0 * * * /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
If the file integrity application does not notify designated personnel of changes, this is a finding.I am running aide. My cron job does not run /usr/sbin/aide. Instead, it runs a script (~root/cron/aide). If there are any findings, the script will e-mail the "authorized poersonnel".
I do not pipe the output of aid to the mail program.
My question:
Is this a legitmate finding (because I am not implementing aide as documented in the STIG), or is it a False Finding, because I am meeting the requirement?
RHEL-07-020040 V-71975
https://www.stigviewer.com/stig/red_...inding/V-71975
Designated personnel must be notified if baseline configurations are changed in an unauthorized manner.
Basically, this is saying that any aide findings need to be emailed to "designated personnel"
Code:AIDE does not have a configuration that will send a notification, so the cron job uses the mail application on the system to email the results of the file integrity run as in the following example:
# more /etc/cron.daily/aide
0 0 * * * /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
If the file integrity application does not notify designated personnel of changes, this is a finding.I am running aide. My cron job does not run /usr/sbin/aide. Instead, it runs a script (~root/cron/aide). If there are any findings, the script will e-mail the "authorized poersonnel".
I do not pipe the output of aid to the mail program.
My question:
Is this a legitmate finding (because I am not implementing aide as documented in the STIG), or is it a False Finding, because I am meeting the requirement?