Detections
Analytics

4.7.1.11 /etc/security/audit

Information

The /etc/security/audit directory contains the system audit configuration files.

Rationale:

The /etc/security/audit directory stores the audit configuration files. This directory must have adequate access controls to prevent unauthorized access.

Solution

Ensure correct ownership and permissions are in place for /etc/security/audit:

chown -R root:audit /etc/security/audit
chmod u=rwx,g=rx,o= /etc/security/audit
chmod -R u=rw,g=r,o= /etc/security/audit/*

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: ddc8eb68d22cf09c0971e96cf0b34bff019064e30d6c787cb3cf507af882085e