Check: OL6-00-000385
Oracle Linux 6 STIG:
OL6-00-000385
(in versions v2 r7 through v1 r9)
Title
Audit log directories must have mode 0755 or less permissive. (Cat II impact)
Discussion
If users can delete audit logs, audit trails can be modified or destroyed.
Check Content
Run the following command to check the mode of the system audit directories:

    grep "^log_file" /etc/audit/auditd.conf|sed 's/^[^/]*//; s/[^/]*$//'|xargs stat -c %a:%n

Audit directories must be mode 0755 or less permissive. If any are more permissive, this is a finding.
Fix Text
Change the mode of the audit log directories with the following command:

    # chmod go-w [audit_directory]
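The check pipeline only prints mode:path pairs and leaves the "0755 or less permissive" judgement to the reviewer. The following added example (not part of the STIG; the function names are assumptions, and GNU stat is assumed) makes that judgement explicit with a bit mask and runs it against a constructed scratch config before and after the chmod go-w fix.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of the STIG.

# Directory of the audit log named by log_file in an auditd.conf-style file
# (the same grep/sed extraction the check uses).
audit_log_dir() {
    grep '^log_file' "$1" | sed 's/^[^/]*//; s/[^/]*$//'
}

# Succeeds when an octal mode (as printed by `stat -c %a`) is 0755 or less
# permissive, i.e. sets no permission bit outside rwxr-xr-x. That reduces to
# "no group/other write" (mask 022). Comparing the numbers is not enough:
# 722 is smaller than 755 but lets group and other write.
mode_within_0755() {
    case "$1" in ''|*[!0-7]*) return 2 ;; esac
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# Prints one line per audit directory; returns 1 on any finding.
check_audit_dirs() {
    rc=0
    dirs=$(audit_log_dir "$1")
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        mode=$(stat -c %a "$dir") || { rc=2; continue; }
        if mode_within_0755 "$mode"; then
            echo "ok: $mode $dir"
        else
            echo "FINDING: $mode $dir"
            rc=1
        fi
    done <<EOF
$dirs
EOF
    return "$rc"
}

# Constructed demonstration: a throwaway config pointing at a scratch directory.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/audit" || return 2
    printf 'log_file = %s/audit/audit.log\n' "$tmp" > "$tmp/auditd.conf"
    chmod 775 "$tmp/audit"; before=0; check_audit_dirs "$tmp/auditd.conf" || before=$?
    chmod go-w "$tmp/audit"; after=0; check_audit_dirs "$tmp/auditd.conf" || after=$?
    rm -rf "$tmp"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}
demo
```

On a real system, call check_audit_dirs /etc/audit/auditd.conf as a user who can read that file.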
Additional Identifiers
Rule ID: SV-209055r793776_rule
Vulnerability ID: V-209055
Group Title: SRG-OS-000059
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000164 | The information system protects audit information from unauthorized deletion. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
AU-9 | Protection Of Audit Information |