GEN002715 - System audit tool executables must be owned by root - '/sbin/auditd'

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Change the owner of the audit tool executable to root.
# chown root [audit tool executable]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Rule-ID|SV-218381r603259_rule, STIG-ID|GEN002715, STIG-Legacy|SV-63959, STIG-Legacy|V-22370, Vuln-ID|V-218381

Plugin: Unix

Control ID: 4a90c167fc0f92bc7b58fd2efbff7bea95bd61f1072cfba668de38db78834ac8