Check: GEN002710
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN002710
(in versions v1 r14 through v1 r10)
Title
All system audit files must not have extended ACLs. (Cat II impact)
Discussion
If a user can write to the audit logs, then audit trails can be modified or destroyed and system intrusion may not be detected.
Check Content
Procedure:
# grep -p bin: /etc/security/audit/config
Directories and files to search will be listed under the bin stanza.
# aclget <directory>/<file>
Check if extended permissions are disabled. If extended permissions are not disabled, this is a finding.
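The check procedure above can be scripted. The following is an added example, not part of the STIG text: it extracts the audit paths from the bin stanza and classifies `aclget` output. The function names are hypothetical, the `aclget` output is assumed to be in AIXC format, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: parsers for the two outputs the GEN002710 check reads.

# Print each path-valued attribute of the "bin:" stanza, one per line.
# stdin: /etc/security/audit/config (or `grep -p bin:` output).
audit_bin_paths() {
    awk '
        /^[ \t]*\*/ { next }                                  # stanza-file comment
        /^[A-Za-z0-9_]+:[ \t]*$/ { in_bin = ($1 == "bin:"); next }
        in_bin && /=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)                     # drop "name = "
            sub(/[ \t]+$/, "", val)
            if (val ~ /^\//) print val                        # skip binsize, freespace
        }'
}

# Classify AIXC-format `aclget` output on stdin: disabled | enabled | unknown.
ext_perms_state() {
    awk '
        found && NF { s = tolower($1)
                      if (s == "enabled" || s == "disabled") state = s
                      exit }
        /^[ \t]*extended permissions[ \t]*$/ { found = 1 }
        END { print (state == "" ? "unknown" : state) }'
}

# Succeeds (exit 0) when the ACL is a finding; "unknown" counts as a finding.
is_finding() { [ "$(ext_perms_state)" != "disabled" ]; }

# Constructed sample inputs (not taken from a real system).
sample_config() { printf '%s\n' 'start:' '    binmode = on' '' 'bin:' \
    '    trail = /audit/trail' '    bin1 = /audit/bin1' '    bin2 = /audit/bin2' \
    '    binsize = 10240' '    cmds = /etc/security/audit/bincmds' '' \
    'stream:' '    cmds = /etc/security/audit/streamcmds'; }
sample_acl() { printf '%s\n' 'attributes:' 'base permissions' \
    '    owner(root):  rw-' '    group(system):  r--' '    others:  ---' \
    'extended permissions' "    $1" '    permit   rw-     u:user1'; }

# On AIX (assumption: run as root), the two parsers combine as:
#   audit_bin_paths < /etc/security/audit/config | while read -r f; do
#       aclget "$f" | is_finding && echo "FINDING: $f"
#   done
```

Treating "unknown" as a finding means a missing file or unparseable `aclget` output is reported for manual review rather than silently passed.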
Fix Text
Remove the extended ACL from the system audit file(s) and disable extended permissions.
# acledit <directory>/<file>
Disable extended permissions.
Additional Identifiers
Rule ID: SV-38748r1_rule
Vulnerability ID: V-22369
Group Title: GEN002710
CCIs
Number | Definition |
---|---|
CCI-000163 | The information system protects audit information from unauthorized modification. |
Controls
Number | Title |
---|---|
AU-9 | Protection Of Audit Information |