Check: GEN002690
HP-UX 11.23 STIG:
GEN002690
(in version v1 r8)
Title
System audit logs must be group-owned by root, bin, sys, or other. (Cat II impact)
Discussion
Sensitive system and user information could provide a malicious user with enough information to penetrate further into the system.
Check Content
Inspect the auditing configuration file, /etc/rc.config.d/auditing, to determine the filename and path of the audit logs. The entries should appear similar to the following: PRI_AUDFILE=/var/.audit/file1 SEC_AUDFILE=/var/.audit/file2 # egrep “PRI_AUDFILE|SEC_AUDFILE” /etc/rc.config.d/auditing For each audit log directory/file, check the group ownership. # ls -lLd <audit directory> # ls -lLa <audit file> If any audit log directory/file is not group-owned by root, bin, sys, or other, this is a finding.
Fix Text
As root, change the group ownership. # chgrp root <audit directory> # chgrp root <audit file>
Additional Identifiers
Rule ID: SV-38406r2_rule
Vulnerability ID: V-22702
Group Title: GEN002690
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000162 |
The information system protects audit information from unauthorized access. |
CCI-000163 |
The information system protects audit information from unauthorized modification. |
Controls
Number | Title |
---|---|
AU-9 |
Protection Of Audit Information |