diff --git a/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml
index ff11de6ec6c..9623fd696aa 100644
--- a/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml
@@ -48,3 +48,4 @@ template:
servicename: chronyd
servicename@ubuntu2004: chrony
servicename@ubuntu2204: chrony
+ servicename@debian12: chrony
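Review bot: The new override is keyed to the single product `debian12`, while the rule-text hunks in this same commit pick the `chrony` service name with `"debian" in product`. If the repository ships any other Debian product, this rule would still template `chronyd` for it while the companion rule's text says `chrony`; either add a matching `servicename@<product>: chrony` line for each such product or key both files on the same condition. The enclosing `template:` mapping starts before the hunk.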
diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
index 103e08113f8..b94d2306a8f 100644
--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
@@ -4,7 +4,11 @@ documentation_complete: true
title: 'Enable the NTP Daemon'
description: |-
+ {{% if "debian" in product %}}
+ {{{ ocil_service_enabled(service="chrony") }}}
+ {{% else %}}
{{{ ocil_service_enabled(service="chronyd") }}}
+ {{% endif %}}
Note: The chronyd daemon is enabled by default.
{{{ ocil_service_enabled(service="ntpd") }}}
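Review bot: The line `Note: The chronyd daemon is enabled by default.` is left outside the new conditional, so on Debian the description prints a `chrony` check one line above a sentence that still names `chronyd`. Templating it the way the rationale hunk does, `Note: The {{% if "debian" in product %}}chrony{{% else %}}chronyd{{% endif %}} daemon is enabled by default.`, keeps the rendered text consistent. The same predicate is now repeated in the description, rationale and ocil hunks of this file; if the templating layer supports it, one `{{% set %}}` near the top of the file would replace the three copies.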
@@ -23,7 +27,7 @@ description: |-
for guidance which NTP daemon to choose depending on the environment used.
rationale: |-
- Enabling some of chronyd or ntpd services ensures
+ Enabling some of {{% if "debian" in product %}}chrony{{% else %}}chronyd{{% endif %}} or ntpd services ensures
that the NTP daemon will be running and that the system will synchronize its
time to any servers specified. This is important whether the system is
configured to be a client (and synchronize only its own clock) or it is also
@@ -60,5 +64,9 @@ references:
srg: SRG-APP-000116-CTR-000235
ocil: |-
+ {{% if "debian" in product %}}
+ {{{ ocil_service_enabled(service="chrony") }}}
+ {{% else %}}
{{{ ocil_service_enabled(service="chronyd") }}}
+ {{% endif %}}
{{{ ocil_service_enabled(service="ntpd") }}}
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh
index 243c5610e37..03608513f75 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh
@@ -2,9 +2,13 @@
{{{ bash_package_install("aide") }}}
-aide_conf="/etc/aide.conf"
+aide_conf="{{{ aide_conf_path }}}"
+{{% if "debian" in product %}}
+groups=$(LC_ALL=C grep "^OwnerMode" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)
+{{% else %}}
groups=$(LC_ALL=C grep "^[A-Z][A-Za-z_]*" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)
+{{% endif %}}
for group in $groups
do
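Review bot: On the new Debian `groups=` line, the `grep -v "^ALLXTRAHASHES"` stage is dead (nothing matched by `^OwnerMode` can start with ALLXTRAHASHES) and `^OwnerMode` is not anchored on the right, so any other rule whose name merely begins with `OwnerMode` would be picked up as well. `groups=$(LC_ALL=C grep "^OwnerMode[[:space:]]*=" $aide_conf | cut -f1 -d '=' | tr -d ' ' | sort -u)` keeps the intent and drops the redundant filter; the same applies to the `^InodeData` line in the aide_verify_ext_attributes/bash/shared.sh hunk. Narrowing the remediation to one rule group on Debian only makes sense if the OVAL check scopes itself the same way, otherwise the rule keeps failing after remediation; that OVAL content is not visible in this diff. The `for group in $groups` loop body continues outside the hunk.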
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml
index b9b45d28a21..99e4da40ba3 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml
@@ -3,20 +3,24 @@
{{{ oval_metadata("AIDE should be configured to verify Access Control Lists (ACLs).") }}}
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256AIDE rules can be configured in multiple ways; this is merely one example that is already configured by default. + {{% if "debian" in product %}} + The remediation provided with this rule adds acl to the OwnerMode rule + in {{{ aide_conf_path }}} + {{% else %}} The remediation provided with this rule adds acl to all rule sets available in - /etc/aide.conf - + {{{ aide_conf_path }}} + {{% endif %}} + rationale: |- ACLs can provide permissions beyond those permitted through the file mode and must be verified by the file integrity tools. @@ -49,7 +54,7 @@ ocil_clause: 'the acl option is missing or not added to the correct ruleset' ocil: |- To determine that AIDE is verifying ACLs, run the following command: -
$ grep acl /etc/aide.conf+
$ grep acl {{{ aide_conf_path }}}Verify that the acl option is added to the correct ruleset. fixtext: |-
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh
index e919b8fff35..5528c230541 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh
@@ -2,9 +2,13 @@
{{{ bash_package_install("aide") }}}
-aide_conf="/etc/aide.conf"
+aide_conf="{{{ aide_conf_path }}}"
+{{% if "debian" in product %}}
+groups=$(LC_ALL=C grep "^InodeData" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)
+{{% else %}}
groups=$(LC_ALL=C grep "^[A-Z][A-Za-z_]*" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)
+{{% endif %}}
for group in $groups
do
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml
index 5ea93bb32ae..8a53e609c92 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml
@@ -3,20 +3,24 @@
{{{ oval_metadata("AIDE should be configured to verify extended file attributes.") }}}
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256AIDE rules can be configured in multiple ways; this is merely one example that is already configured by default. + {{% if "debian" in product %}} + The remediation provided with this rule adds xattrs to the InodeData rule in + {{{ aide_conf_path }}} + {{% else %}} The remediation provided with this rule adds xattrs to all rule sets available in - /etc/aide.conf - + {{{ aide_conf_path }}} + {{% endif %}} + rationale: |- Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications. @@ -49,7 +54,7 @@ ocil_clause: 'the xattrs option is missing or not added to the correct ruleset' ocil: |- To determine that AIDE is verifying extended file attributes, run the following command: -
$ grep xattrs /etc/aide.conf+
$ grep xattrs {{{ aide_conf_path }}}Verify that the xattrs option is added to the correct ruleset. fixtext: |-
diff --git a/products/debian12/product.yml b/products/debian12/product.yml
index 004d37f3732..976d06bb7c7 100644
--- a/products/debian12/product.yml
+++ b/products/debian12/product.yml
@@ -21,7 +21,8 @@ oval_feed_url: "https://www.debian.org/security/oval/oval-definitions-bookworm.x chrony_conf_path: "/etc/chrony/chrony.conf" chrony_d_path: "/etc/chrony/chrony.d/" - +aide_conf_path: "/etc/aide/aide.conf" + cpes_root: "../../shared/applicability" cpes: - debian12:
diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml
index fc5413014c3..102330d6e2b 100644
--- a/tests/data/product_stability/debian12.yml
+++ b/tests/data/product_stability/debian12.yml
@@ -1,7 +1,7 @@
aide_also_checks_audispd: 'no'
aide_also_checks_rsyslog: 'no'
aide_bin_path: /usr/sbin/aide
-aide_conf_path: /etc/aide.conf
+aide_conf_path: /etc/aide/aide.conf
audisp_conf_path: /etc/audit
auid: 1000
basic_properties_derived: true