File Integrity security controls
Control : FILE-6310
Some partitions like /tmp and /home can be easily filled by users of a system. When not being separated from the root file system, this might increase the risk of filling up this file system and cause malfunctioning to other system components.
Control : FILE-6332
This control checks if there is a swap partition configured in /etc/fstab. Usually it should be there, depending on how the system has been configured.
Control : FILE-6336
The /etc/fstab file determines the available mount points for your system. This particular test looks for a swap partition and determines if there is any unexpected mount parameter used for these kind of partitions.
Control : FILE-6354
Lynis tests for the presence of old files in /tmp, as these files might be filling up space without any reason. Secondly to prevent file systems running out of space, or be used as permanent storage. Also malware is commonly found in /tmp, as a temporary staging place.
Control : FILE-6410
When locate has been found, Lynis checks for the related database.
Control : FILE-7524
This control describes the expected file permissions as configured in the profile. Depending on the tested files and related result, determine why a different permission set is being used, or correct it where appropriate.
Control : FINT-4315
AIDE configuration errors were found
Control : FINT-4350
To monitor for unauthorized changes, a file integrity tool can help with the detection of such event. Each time the contents or the properties of a file change, it will have a different checksum. With regular checks of the related integrity database, discovering changes becomes easy.Install a tool like AIDE, Samhain or Tripwire to monitor important system and data files. Additionally configure the tool to alert system or security personnel on events.
Control : FINT-4402
This check found that SHA256 or SHA512 were not used to create hashes of files.