On Thu, Oct 16, 2014 at 7:38 AM, jason polachak <jasonpolac...@gmail.com> wrote:
> All,
>
> Do you know if OSSEC is able to support these three DoD STIG requirements? I
> am unable to find this out in the documentation. I tried to get an answer
> from the standard contact us email section of OSSEC and they said to post
> here.
>
> The three questions are first, is the file integrity tool configurable to
> verify ACLs. Second, is the file integrity tool able to verify extended

It alerts on changes to basic permissions and ownership on Unix-like systems, not sure about Windows. I don't think we delve into extended attributes.

> attributes? Lastly, does the file integrity tool use FIPS 140-2 approved
> cryptographic hashes for validating file contents? I have copied and pasted

Not sure about FIPS. One of the file hashes we use is a SHA variant, but I don't remember which one offhand and wouldn't know if it's FIPS compliant. I know we haven't been FIPS certificated, so I doubt anything we use is FIPS compliant anyways.

> the actual verbiage from the STIGs. Any help would be greatly appreciated.
>
> Rule Title: The file integrity tool must be configured to verify ACLs.
> Vulnerability Discussion: ACLs can provide permissions beyond those
> permitted through the file mode and must be verified by file integrity
> tools.
>
>
> Rule Title: The file integrity tool must be configured to verify extended
> attributes.
> Vulnerability Discussion: Extended attributes in file systems are used to
> contain arbitrary data and file metadata with security implications.
>
>
> Rule Title: The file integrity tool must use FIPS 140-2 approved
> cryptographic hashes for validating file contents.
> Vulnerability Discussion: File integrity tools often use cryptographic
> hashes for verifying that file contents have not been altered. These hashes
> must be FIPS 140-2 approved.
>
>
> Thanks,
> Jason
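An added illustration of what the three STIG rules quoted in this thread ask a file integrity check to cover; this is not OSSEC code and not from either poster. It is a Python example for Linux whose function names (`snapshot`, `compare`, `demo`) are hypothetical, and it assumes POSIX ACLs are read through the `system.posix_acl_access` and `system.posix_acl_default` extended attributes. SHA-256 is used as the content hash; choosing an approved algorithm does not by itself make the code a FIPS 140-2 validated module.

```python
import hashlib
import os
import stat
import tempfile

# Assumption: on Linux, POSIX ACLs are stored in these extended attributes.
ACL_XATTRS = {"system.posix_acl_access", "system.posix_acl_default"}


def snapshot(path):
    """Record content hash, mode, ownership and extended attributes of a file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    xattrs = {}
    if hasattr(os, "listxattr"):  # os.listxattr/getxattr exist on Linux only
        try:
            for name in os.listxattr(path):
                xattrs[name] = os.getxattr(path, name).hex()
        except OSError:
            xattrs = {}  # filesystem without extended attribute support
    return {"sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "owner": (st.st_uid, st.st_gid), "xattrs": xattrs}


def compare(baseline, current):
    """Return the list of properties that differ between two snapshots."""
    changed = [k for k in ("sha256", "mode", "owner") if baseline[k] != current[k]]
    names = set(baseline["xattrs"]) | set(current["xattrs"])
    for name in sorted(names):
        if baseline["xattrs"].get(name) != current["xattrs"].get(name):
            changed.append(("acl:" if name in ACL_XATTRS else "xattr:") + name)
    return changed


def demo():
    """Baseline a constructed temp file, alter content and mode, report changes."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample content\n")
    try:
        base = snapshot(tmp.name)
        os.chmod(tmp.name, 0o640)
        with open(tmp.name, "ab") as fh:
            fh.write(b"modified\n")
        return compare(base, snapshot(tmp.name))
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(demo())
```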