Check: GEN002718
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN002718
(in versions v1 r14 through v1 r10)
Title
System audit tool executables must not have extended ACLs. (Cat III impact)
Discussion
To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.
Check Content
Determine if system audit tool executables have extended ACLs. Audit tools include, but are not limited to, audit, auditcat, auditconv, auditpr, auditselect, auditstream, auditbin, and auditmerge.

Procedure:

    # aclget <system audit tool executable>

Check if extended permissions are disabled. If extended permissions are not disabled, this is a finding.
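One way to script this check across the listed tools, as an added example that is not part of the STIG text. It assumes the tools live in /usr/sbin (the page gives no path) and that aclget prints AIXC-format output in which the line after "extended permissions" reads "enabled" or "disabled"; the function names and sample outputs are constructed for illustration.

```sh
# Added example (not part of the STIG text); tool names are from the check content.
AUDIT_TOOLS="audit auditcat auditconv auditpr auditselect auditstream auditbin auditmerge"
# Read aclget output on stdin; print the word that follows the "extended
# permissions" line, or "unknown" if absent (assumption: AIXC-format output).
ext_perm_state() {
    awk '
        /^[ \t]*\*/ { next }                      # header comment lines
        found && NF { print $1; done = 1; exit }  # first line after the marker
        /^extended permissions/ { found = 1 }
        END { if (!done) print "unknown" }
    '
}

# Print one FINDING line per tool whose state is not "disabled"; return 1 if any.
# $1: tool directory (assumed /usr/sbin; the page gives no path).
check_audit_tools() {
    dir=${1:-/usr/sbin}
    rc=0
    for tool in $AUDIT_TOOLS; do
        [ -e "$dir/$tool" ] || continue
        state=$(aclget "$dir/$tool" 2>/dev/null | ext_perm_state)
        if [ "$state" != "disabled" ]; then
            echo "FINDING $dir/$tool extended permissions: $state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample aclget output, not captured from a real system.
SAMPLE_CLEAN='* ACL_type   AIXC
attributes:
base permissions
    owner(root):  r-x
    others:  ---
extended permissions
    disabled'
SAMPLE_ACL='* ACL_type   AIXC
attributes:
base permissions
    owner(root):  r-x
extended permissions
    enabled
    permit   r-x   u:user1'

# On AIX, run the real check; elsewhere only the functions are defined.
if command -v aclget >/dev/null 2>&1; then
    check_audit_tools /usr/sbin
fi
```

A state of "unknown" is reported as a finding so that output the parser does not recognize gets a manual look rather than a silent pass.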
Fix Text
Remove the extended ACL from the system audit tool executable(s) and disable extended permissions.

    # acledit <system audit tool executable>
Additional Identifiers
Rule ID: SV-38779r1_rule
Vulnerability ID: V-22373
Group Title: GEN002718
CCIs
Number | Definition |
---|---|
CCI-001493 | The information system protects audit tools from unauthorized access. |
Controls
Number | Title |
---|---|
AU-9 | Protection Of Audit Information |