The location of aide package
#11661
Replies: 1 comment
-
|
Hi @rumch-se , thanks for informing about this. I believe the ideal scenario is to ensure the use of {{{ aide_bin_path }}} instead of hard-code the path in rules. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello @marcusburghardt
I think that there is an error which impacts RedHat and Suse Products, and probably others. If you check the rule aide_scan_notification - which follows DISA recommendations - you will see that it expects the location of the aide package to be in /usr/sbin/aide , but the exact location of aide is /usr/bin/aide. I did a grep with -r "/usr/sbin/aide" and there are a lot of files which use this location. There are many rules which use the variable {{{ aide_bin_path }}} which points to /usr/bin/aide, but problematic files are these in which the /usr/sbin/aide is used. I can make corrections for SUSE products, but probably you have to check for RedHat , or we need to rely on a global approach to replace everywhere /usr/sbin/aide with {{{ aide_bin_path }}}
Beta Was this translation helpful? Give feedback.
All reactions