Check: GEN002680
HP-UX 11.31 STIG:
GEN002680
(in versions v1 r19 through v1 r13)
Title
System audit logs must be owned by root. (Cat II impact)
Discussion
Failure to give ownership of system audit log files to root provides the designated owner and unauthorized users with the potential to access sensitive information.
Check Content
Inspect the auditing configuration file, /etc/rc.config.d/auditing, to determine the filename and path of the audit logs. The entries should appear similar to the following: PRI_AUDFILE=/var/.audit/file1 SEC_AUDFILE=/var/.audit/file2 # egrep “PRI_AUDFILE|SEC_AUDFILE” /etc/rc.config.d/auditing For each audit log directory/file, check the ownership. # ls -lLd <audit directory> # ls -lLa <audit file> If any audit log directory/file is not owned by root, this is a finding.
Fix Text
As root, change the ownership. # chown root <audit directory> # chown root <audit file>
Additional Identifiers
Rule ID: SV-38477r2_rule
Vulnerability ID: V-812
Group Title: GEN002680
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000162 |
The information system protects audit information from unauthorized access. |
Controls
Number | Title |
---|---|
AU-9 |
Protection Of Audit Information |