GEN000000-SOL00100 - The /etc/security/audit_user file must have mode 0640 or less permissive.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Audit_user is a sensitive file that, if compromised, would allow a malicious user to select auditing parameters to ignore his sessions. This would allow malicious operations the auditing subsystem would not log for that user.

Solution

Change the mode of the audit_user file to 0640.
# chmod 0640 /etc/security/audit_user

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CAT|II, CCI|CCI-000162, CSCv6|3.1, Rule-ID|SV-227536r603266_rule, STIG-ID|GEN000000-SOL00100, STIG-Legacy|SV-4245, STIG-Legacy|V-4245, Vuln-ID|V-227536

Plugin: Unix

Control ID: 74381013fec7bf6c6aa2c3f3447b48b0e38e8d9ea6ab47324ac6bd36e915e01d