4.3 Enable Auditing of File Metadata Modification Events - AUE_CHOWN : cis

Information

NOTE: Update the value of CIS_AUDIT_CLASS with the appropriate value for the local environment.

Solution

To enforce this setting, edit the /etc/security/audit_event file and add the cis audit class to the following audit events:
AUE_CHMOD
AUE_CHOWN
AUE_FCHOWN
AUE_FCHMOD
AUE_LCHOWN
AUE_ACLSET
AUE_FACLSET

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: 2a872efbdd5e4c93d97fe31b27e7a7e0ad7686561893dc936d2aa3f7797ba507