GEN002718 - System audit tool executables must not have extended ACLs - '/usr/sbin/auditmerge'

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Remove the extended ACL from the system audit tool executable(s) and disable extended permissions.
#acledit <system audit tool executable>

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Rule-ID|SV-38779r1_rule, STIG-ID|GEN002718, Vuln-ID|V-22373

Plugin: Unix

Control ID: f12d715eebed53118c83a3d5cd07eaa331b8bf500e62384fcbfa8e6444f49a0f