After enabling SIMP's STIG Mode (disa_stig), the supplemental aide configuration file, /etc/aide.conf.d/default.aide, clears all previously configured settings and contains only the text 'nil'. This causes problems on certain clients during puppet runs when the aide db is refreshed.
Steps to reproduce:
Enable SIMP's STIG Mode on the puppet master
On the puppet master, issue the command and note the failure and configuration error message
Bootstrap a client via PXE
Note the errors in /root/puppet.bootstrap.log (scrubbed)
On the client, note that the aide db files are missing in /var/lib/aide/
On the client, issue the command and note the failure and configuration error message
Remove the line from /etc/aide.conf:
Please note that the aide configurations are removed when using these workarounds. It could be possible that this is by design; however, the 'nil' text in /etc/aide.conf.d/default.aide is invalid and causes aide db updates to fail.
Correct the /etc/aide.conf.d/default.aide settings in STIG Mode to audit the correct files and also eliminate errors when running /usr/local/sbin/update_aide
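
A pre-flight check for the condition reported above, as an added example that is not part of the original report or SIMP's own code: it flags files in the AIDE include directory whose only effective content is the literal word nil, or nothing at all, so the problem is caught before the database refresh. The function names are assumptions, and the check assumes the file holds the bare word nil without quotes.

```shell
#!/bin/sh
# Added example (not SIMP code): detect AIDE include files that were
# rendered as the literal word "nil" or left without any rules.
# Usage: check_aide_includes /etc/aide.conf.d || echo "fix includes first"

# Print a file's effective content: whole-line comments and blank lines
# dropped, leading and trailing whitespace trimmed.
effective_content() {
    sed -e '/^[[:space:]]*#/d' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# Scan DIR (default /etc/aide.conf.d) for *.aide files that cannot be
# valid rule sets. Prints one line per offending file and returns 1 if
# any were found, 0 otherwise.
check_aide_includes() {
    dir=${1:-/etc/aide.conf.d}
    bad=0
    for f in "$dir"/*.aide; do
        [ -f "$f" ] || continue          # glob matched nothing
        content=$(effective_content "$f")
        case "$content" in
            nil)
                # Assumption: an unset value was written out as "nil".
                echo "INVALID (literal nil): $f"
                bad=1
                ;;
            "")
                echo "EMPTY (no rules): $f"
                bad=1
                ;;
        esac
    done
    return "$bad"
}
```

A non-zero return means at least one include file should be corrected before /usr/local/sbin/update_aide is run.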