Check: OL6-00-000383
Oracle Linux 6 STIG:
OL6-00-000383
(in versions v2 r7 through v1 r9)
Title
Audit log files must have mode 0640 or less permissive. (Cat II impact)
Discussion
If users can write to audit logs, audit trails can be modified or destroyed.
Check Content
Run the following command to check the mode of the system audit logs: grep "^log_file" /etc/audit/auditd.conf|sed s/^[^\/]*//|xargs stat -c %a:%n Audit logs must be mode 0640 or less permissive. If any are more permissive, this is a finding.
Fix Text
Change the mode of the audit log files with the following command: # chmod 0640 [audit_file]
Additional Identifiers
Rule ID: SV-209053r793774_rule
Vulnerability ID: V-209053
Group Title: SRG-OS-000058
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000163 |
The information system protects audit information from unauthorized modification. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
AU-9 |
Protection Of Audit Information |