ComplianceAsCode · shawndwells · May 13, 2014 · May 13, 2014 · May 13, 2014 · Aug 8, 2014
diff --git a/RHEL/6/input/checks/aide_periodic_cron_checking.xml b/RHEL/6/input/checks/aide_periodic_cron_checking.xml
@@ -0,0 +1 @@
+../../../../shared/oval/aide_periodic_cron_checking.xml
diff --git a/RHEL/6/input/fixes/bash/aide_periodic_cron_checking.sh b/RHEL/6/input/fixes/bash/aide_periodic_cron_checking.sh
@@ -0,0 +1 @@
+../../../../../shared/fixes/bash/aide_periodic_cron_checking.sh
diff --git a/RHEL/6/input/system/software/integrity.xml b/RHEL/6/input/system/software/integrity.xml
@@ -104,6 +104,7 @@ To determine that periodic AIDE execution has been scheduled, run the following
 By default, AIDE does not install itself for periodic execution. Periodically
 running AIDE is necessary to reveal unexpected changes in installed files.
 </rationale>
+<oval id="aide_periodic_cron_checking" />
 <ident cce="27222-9" />
 <ref nist="CM-3(d),CM-3(e),CM-6(d),SC-28,SI-7" disa="374,416,1069,1263,1297,1589"/>
 </Rule>

diff --git a/RHEL/7/input/checks/aide_periodic_cron_checking.xml b/RHEL/7/input/checks/aide_periodic_cron_checking.xml
@@ -0,0 +1 @@
+../../../../shared/oval/aide_periodic_cron_checking.xml
diff --git a/RHEL/7/input/fixes/bash/aide_periodic_cron_checking.sh b/RHEL/7/input/fixes/bash/aide_periodic_cron_checking.sh
@@ -0,0 +1 @@
+../../../../../shared/fixes/bash/aide_periodic_cron_checking.sh
diff --git a/docs/User_Guide/en-US/ch002-Downloading.xml b/docs/User_Guide/en-US/ch002-Downloading.xml
@@ -12,8 +12,8 @@
 		<title>EPEL (yum) Repositories</title>
 		<itemizedlist mark='bullet'>
 			<listitem>
-				<formalpara><title>Red Hat Enterprise Linux 6 (RHEL6)</title>
-				<para>If you are running RHEL6, you will need to enable the Extra Packages for Enterprise Linux
+				<formalpara><title>Red Hat Enterprise Linux 6 (RHEL 6)</title>
+				<para>If you are running RHEL 6, you will need to enable the Extra Packages for Enterprise Linux
 						(EPEL) repository. EPEL can be enabled by installing the epel-release RPM,
 						which contains the repository GPG key as well as configuration for yum. The
 						EPEL repository RPMs can be found at <ulink

diff --git a/shared/fixes/bash/aide_periodic_cron_checking.sh b/shared/fixes/bash/aide_periodic_cron_checking.sh
@@ -0,0 +1 @@
+echo "05 4 * * * root /usr/sbin/aide --check" >> /etc/crontab
diff --git a/shared/oval/aide_periodic_cron_checking.xml b/shared/oval/aide_periodic_cron_checking.xml
@@ -0,0 +1,40 @@
+<def-group>
+  <definition class="compliance" id="aide_periodic_cron_checking" version="1">
+    <metadata>
+      <title>Configure Periodic Execution of AIDE</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 6</platform>
+        <platform>Red Hat Enterprise Linux 7</platform>
+      </affected>
+      <description>By default, AIDE does not install itself for periodic
+      execution. Periodically running AIDE is necessary to reveal
+      unexpected changes in installed files.
+      </description>
+      <reference source="galford" ref_id="20140808" ref_url="test_attestation" />
+    </metadata>
+    <criteria operator="OR">
+      <extend_definition comment="Aide is installed" negate="true" definition_ref="package_aide_installed" />
+      <criterion comment="run aide daily with cron" test_ref="test_aide_periodic_cron_checking" />
+      <criterion comment="run aide daily with cron" test_ref="test_aide_crond_checking" />
+    </criteria>
+  </definition>
+
+  <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="run aide daily with cron" id="test_aide_periodic_cron_checking" version="1">
+    <ind:object object_ref="object_test_aide_periodic_cron_checking" />
+  </ind:textfilecontent54_test>
+  <ind:textfilecontent54_object comment="run aide daily with cron" id="object_test_aide_periodic_cron_checking" version="1">
+    <ind:filepath>/etc/crontab</ind:filepath>
+    <ind:pattern operation="pattern match">^[0-9]*[\s]*[0-9]*[\s]*\*[\s]*\*[\s]*\*[\s]*root[\s]*/usr/sbin/aide[\s]*\-\-check+$</ind:pattern>
+    <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+  </ind:textfilecontent54_object>
+
+  <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="run aide daily with cron" id="test_aide_crond_checking" version="1">
+    <ind:object object_ref="object_test_aide_crond_checking" />
+  </ind:textfilecontent54_test>
+  <ind:textfilecontent54_object comment="run aide daily with cron" id="object_test_aide_crond_checking" version="1">
+    <ind:path>/etc/cron.d</ind:path>
+    <ind:filename operation="pattern match">^.*$</ind:filename>
+    <ind:pattern operation="pattern match">^[0-9]*[\s]*[0-9]*[\s]*\*[\s]*\*[\s]*\*[\s]*root[\s]*/usr/sbin/aide[\s]*\-\-check+$</ind:pattern>
+    <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+  </ind:textfilecontent54_object>
+</def-group>