GEN002710 - All system audit files must not have extended ACLs.

Information

If a user can write to the audit logs, then audit trails can be modified or destroyed and system intrusion may not be detected.

Solution

Remove the extended ACL from the system audit file(s).

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, CCI|CCI-000163, Group-ID|V-22369, Rule-ID|SV-37917r1_rule, STIG-ID|GEN002710, Vuln-ID|V-22369

Plugin: Unix

Control ID: b7ddcc24b4c3e393740d041686818162867334e1a9e1bb265debbe6d5bc684dd