Skip to content

File Integrity security controls

Control : FILE-6310

Some partitions like /tmp and /home can be easily filled by users of a system. When not being separated from the root file system, this might increase the risk of filling up this file system and cause malfunctioning to other system components.

Control : FILE-6332

This control checks if there is a swap partition configured in /etc/fstab. Usually it should be there, depending on how the system has been configured.

Control : FILE-6336

The /etc/fstab file determines the available mount points for your system. This particular test looks for a swap partition and determines if there is any unexpected mount parameter used for these kind of partitions.

Control : FILE-6354

Lynis tests for the presence of old files in /tmp, as these files might be filling up space without any reason. Secondly to prevent file systems running out of space, or be used as permanent storage. Also malware is commonly found in /tmp, as a temporary staging place.

Control : FILE-6410

When locate has been found, Lynis checks for the related database.

Control : FILE-7524

This control describes the expected file permissions as configured in the profile. Depending on the tested files and related result, determine why a different permission set is being used, or correct it where appropriate.

Control : FINT-4315

AIDE configuration errors were found

Control : FINT-4350

To monitor for unauthorized changes, a file integrity tool can help with the detection of such event. Each time the contents or the properties of a file change, it will have a different checksum. With regular checks of the related integrity database, discovering changes becomes easy.Install a tool like AIDE, Samhain or Tripwire to monitor important system and data files. Additionally configure the tool to alert system or security personnel on events.

Control : FINT-4402

This check found that SHA256 or SHA512 were not used to create hashes of files.