GEN002715 - System audit tool executables must be owned by root - /usr/sbin/auditconfig

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Change the owner of the audit tool executable to root.
# chown root [audit tool executable]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Rule-ID|SV-227720r603266_rule, STIG-ID|GEN002715, STIG-Legacy|SV-26505, STIG-Legacy|V-22370, Vuln-ID|V-227720

Plugin: Unix

Control ID: fa7d28a97b19e35050e07e93cadedf3d3329329b72a4e22cd980b7ef95aef657