GEN002715 - System audit tool executables must be owned by root - '/sbin/autrace'

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Change the owner of the audit tool executable to root.
# chown root [audit tool executable]

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Group-ID|V-22370, Rule-ID|SV-26504r1_rule, STIG-ID|GEN002715, Vuln-ID|V-22370

Plugin: Unix

Control ID: 361c859fc176175551dfe309b173b3db8adeda352b15f1d7b2b8d9ca9769f80a