Check: GEN002680
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN002680
(in versions v1 r14 through v1 r10)
Title
System audit logs must be owned by root. (Cat II impact)
Discussion
Failure to give ownership of system audit log files to root provides the designated owner and unauthorized users with the potential to access sensitive information.
Check Content
Perform the following to determine the location of audit logs and then check the ownership.

Procedure:

    # grep -p bin: /etc/security/audit/config

Directories to search will be listed under the bin stanza.

    # ls -la <audit directories>

If any audit log file is not owned by root, this is a finding.
Fix Text
Change the ownership of the audit log file(s).

Procedure:

    # chown root <audit log file>
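The check procedure above, automated as a POSIX shell script (an added example, not part of the STIG text): it reads the trail, bin1 and bin2 paths from the bin stanza and lists every file in those directories that is not owned by root. The function names, the optional owner argument and the sample config written by make_sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the STIG.

# Print the trail, bin1 and bin2 paths from the "bin:" stanza of an AIX
# audit config file (default /etc/security/audit/config).
audit_bin_paths() {
    awk '
        /^[A-Za-z0-9_]+:[ \t]*$/ { in_bin = ($1 == "bin:"); next }
        in_bin && $2 == "=" && $1 ~ /^(trail|bin1|bin2)$/ { print $3 }
    ' "${1:-/etc/security/audit/config}"
}

# List every regular file in the audit directories that is NOT owned by the
# expected owner. $1 = config file, $2 = owner name or numeric uid (default
# root; the argument exists so the check can be exercised unprivileged).
audit_owner_findings() {
    audit_bin_paths "$1" | while IFS= read -r path; do
        dirname "$path"
    done | sort -u | while IFS= read -r dir; do
        if [ -d "$dir" ]; then
            find "$dir" -type f ! -user "${2:-root}" -print
        fi
    done
}

# Constructed sample: a config whose bin stanza points into directory $1.
make_sample() {
    mkdir -p "$1/audit"
    : > "$1/audit/trail"; : > "$1/audit/bin1"; : > "$1/audit/bin2"
    cat > "$1/config" <<EOF
start:
        binmode = on

bin:
        trail = $1/audit/trail
        bin1 = $1/audit/bin1
        bin2 = $1/audit/bin2
        binsize = 10240
        cmds = /etc/security/audit/bincmds
stream:
        cmds = /etc/security/audit/streamcmds
EOF
}

# On an AIX host, report findings for the live configuration.
if [ -r /etc/security/audit/config ]; then
    audit_owner_findings /etc/security/audit/config root
fi
```

Each path printed is a finding under this check; no output means every audit log file in the listed directories is owned by root.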
Additional Identifiers
Rule ID: SV-38900r1_rule
Vulnerability ID: V-812
Group Title: GEN002680
CCIs
Number | Definition |
---|---|
CCI-000162 | The information system protects audit information from unauthorized access. |
Controls
Number | Title |
---|---|
AU-9 | Protection Of Audit Information |