Navigate

Check: GEN002690

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN002690 (in versions v1 r14 through v1 r10)

Title

System audit logs must be group-owned by bin, sys, or system. (Cat II impact)

Discussion

Sensitive system and user information could provide a malicious user with enough information to penetrate further into the system.

Check Content

Procedure: # grep -p bin: /etc/security/audit/config Directories to search will be listed under the bin stanza. # ls -la <audit directories> If any audit log file is not group-owned by bin, sys, or system, this is a finding.

Fix Text

Change the group ownership of the audit log file(s). Procedure: # chgrp system < audit log file >

Additional Identifiers

Rule ID: SV-38902r1_rule

Vulnerability ID: V-22702

Group Title: GEN002690

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000162	The information system protects audit information from unauthorized access.
CCI-000163	The information system protects audit information from unauthorized modification.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-9	Protection Of Audit Information