Navigate

Check: GEN002690

Solaris 10 SPARC STIG: GEN002690 (in versions v2 r4 through v1 r19)

Title

System audit logs must be group-owned by root, bin, or sys. (Cat II impact)

Discussion

Sensitive system and user information could provide a malicious user with enough information to penetrate further into the system.

Check Content

Determine the location of audit logs and then check the group-ownership. Procedure: # more /etc/security/audit_control # ls -lLd <audit log dir> If any audit log file is not group-owned by root, bin, or sys, this is a finding.

Fix Text

Change the group ownership of the audit log file(s). Procedure: # chgrp root <audit log file>

Additional Identifiers

Rule ID: SV-226591r603265_rule

Vulnerability ID: V-226591

Group Title: SRG-OS-000057

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000162	The information system protects audit information from unauthorized access.
CCI-000163	The information system protects audit information from unauthorized modification.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-9	Protection Of Audit Information