An error occurred:

Check: GEN002690

HP-UX 11.31 STIG: GEN002690 (in versions v1 r19 through v1 r13)

Title

System audit logs must be group-owned by root, bin, sys, or other. (Cat II impact)

Discussion

Sensitive system and user information could provide a malicious user with enough information to penetrate further into the system.

Check Content

Inspect the auditing configuration file, /etc/rc.config.d/auditing, to determine the filename and path of the audit logs. The entries should appear similar to the following: PRI_AUDFILE=/var/.audit/file1 SEC_AUDFILE=/var/.audit/file2 # egrep “PRI_AUDFILE|SEC_AUDFILE” /etc/rc.config.d/auditing For each audit log directory/file, check the group ownership. # ls -lLd <audit directory> # ls -lLa <audit file> If any audit log directory/file is not group-owned by root, bin, sys, or other, this is a finding.

Fix Text

As root, change the group ownership. # chgrp root <audit directory> # chgrp root <audit file>

Additional Identifiers

Rule ID: SV-38406r2_rule

Vulnerability ID: V-22702

Group Title: GEN002690

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000162

The information system protects audit information from unauthorized access.
CCI-000163

The information system protects audit information from unauthorized modification.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-9

Protection Of Audit Information