Check: GEN000000-SOL00100
Solaris 10 X86 STIG:
GEN000000-SOL00100
(in versions v2 r4 through v1 r17)
Title
The /etc/security/audit_user file must have mode 0640 or less permissive. (Cat II impact)
Discussion
The audit_user file is sensitive. If compromised, it would allow a malicious user to select auditing parameters that ignore that user's sessions, so the auditing subsystem would not log that user's malicious operations.
Check Content
Check /etc/security/audit_user permissions.
# ls -lL /etc/security/audit_user
If /etc/security/audit_user is more permissive than 0640, this is a finding.
Fix Text
Change the mode of the audit_user file to 0640.
# chmod 0640 /etc/security/audit_user
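"More permissive than 0640" is a bit-mask test, not a numeric comparison: 0604 is numerically smaller than 0640 but still grants read access to others. The script below is an added example, not part of the STIG text; it parses the mode column of the ls -lL output used in the check and tests it against the 0640 mask. The function names are hypothetical, and a POSIX shell is assumed (on Solaris 10, /usr/xpg4/bin/sh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example: evaluate the GEN000000-SOL00100 check from `ls -lL` output.
# Function names are hypothetical; requires a POSIX shell.

# perm_to_octal STRING
# Convert the mode column of `ls -l` (e.g. -rw-r-----) to four octal digits.
perm_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    [ "${#perms}" -eq 9 ] || return 2
    special=0; digits=""; weight=4      # 4=setuid, 2=setgid, 1=sticky
    for start in 1 4 7; do
        triad=$(printf '%s' "$perms" | cut -c"$start"-$((start + 2)))
        d=0
        case $triad in r??) d=$((d + 4));; esac
        case $triad in ?w?) d=$((d + 2));; esac
        case $triad in ??[xst]) d=$((d + 1));; esac
        # S/T: special bit without execute; l: Solaris setgid without group x
        case $triad in ??[sStTl]) special=$((special + weight));; esac
        digits=$digits$d
        weight=$((weight / 2))
    done
    printf '%s%s\n' "$special" "$digits"
}

# mode_within MODE LIMIT
# Return 0 when octal MODE sets no bit (special bits included) absent from LIMIT.
mode_within() {
    case $1 in ''|*[!0-7]*) return 2;; esac
    case $2 in ''|*[!0-7]*) return 2;; esac
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# check_audit_user [FILE]
# Return 0 = not a finding, 1 = finding, 2 = could not evaluate.
check_audit_user() {
    file=${1:-/etc/security/audit_user}
    line=$(ls -lL "$file") || return 2
    mode=$(perm_to_octal "$line") || return 2
    if mode_within "$mode" 0640; then
        echo "not a finding: $file has mode $mode"
    else
        echo "FINDING: $file has mode $mode, more permissive than 0640"
        return 1
    fi
}

# Usage: check_audit_user          (defaults to /etc/security/audit_user)
```

The script reads only the mode bits; a trailing + in the ls output marks an ACL, which it does not evaluate.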
Additional Identifiers
Rule ID: SV-227536r603266_rule
Vulnerability ID: V-227536
Group Title: SRG-OS-000057
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000162 | Protect audit information from unauthorized access. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
AU-9 | Protection of Audit Information |