GEN002717 - System audit tool executables must have mode 0750 or less permissive - /usr/sbin/auditd

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Change the mode of the audit tool executable to 0750, or less permissive.
# chmod 0750 [audit tool executable]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Rule-ID|SV-227722r603266_rule, STIG-ID|GEN002717, STIG-Legacy|SV-26511, STIG-Legacy|V-22372, Vuln-ID|V-227722

Plugin: Unix

Control ID: 5a2d29c142e6fe190ff5e461aee61b2d71a05dba8e36dced3954688a91365acc