Information
The audit log directory contains audit log files.
Audit information includes all information needed to successfully audit system activity, including audit records, audit settings, and audit reports. This information must be protected from unauthorized modification or deletion. If it were compromised, forensic analysis and discovery of the true source of potentially malicious system activity would be impossible.
Solution
Run the following command to configure the audit log directory to have a mode of "0750" or less permissive:
# chmod g-w,o-rwx "$(dirname "$(awk -F= '/^\s*log_file\s*/{print $2}' /etc/audit/auditd.conf | xargs)")"
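
A read-only check to pair with the remediation above, added here as an example and not part of the original benchmark text. The function names are hypothetical, and the script assumes a `stat` that accepts `-c '%a'` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: verify that the audit log directory is mode 0750 or stricter.
# Function names are hypothetical; nothing here modifies the system.

# Print the directory holding the audit log, parsed from an auditd.conf-style file.
audit_log_dir() {
    conf="${1:-/etc/audit/auditd.conf}"
    # [ \t] is used instead of \s, which not every awk implementation accepts.
    log_file=$(awk -F= '/^[ \t]*log_file[ \t]*=/ {
        gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit }' "$conf")
    [ -n "$log_file" ] || return 1
    dirname "$log_file"
}

# Succeed only if the octal mode grants no group-write and no "other" access.
# Mask 027 covers exactly the bits that "chmod g-w,o-rwx" clears.
mode_is_0750_or_stricter() {
    [ $(( 0$1 & 027 )) -eq 0 ]
}

# Return 0 = compliant, 1 = too permissive, 2 = could not be evaluated.
check_audit_log_dir() {
    conf="${1:-/etc/audit/auditd.conf}"
    dir=$(audit_log_dir "$conf") || {
        echo "FAIL: no log_file setting found in $conf"; return 2; }
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    mode=$(stat -Lc '%a' "$dir") || return 2
    if mode_is_0750_or_stricter "$mode"; then
        echo "PASS: $dir has mode $mode"
    else
        echo "FAIL: $dir has mode $mode, which is more permissive than 0750"
        return 1
    fi
}
```

Source the file and run `check_audit_log_dir /etc/audit/auditd.conf` as root; a return status of 1 means the chmod command above still needs to be applied.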