GEN002716 - System audit tool executables must be group-owned by root, bin, sys, or system - '/sbin/auditctl'

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Change the group-owner of the audit tool executable to root, bin, sys, or system.

Procedure:
# chgrp root <audit tool executable>

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Group-ID|V-22371, Rule-ID|SV-26507r1_rule, STIG-ID|GEN002716, Vuln-ID|V-22371

Plugin: Unix

Control ID: d4223a339e3a973347157bdbf170fe2c60cb2f71117dc87732924a73224fb708