Check: PHTN-67-000015
VMware vSphere 6.7 Photon OS STIG: PHTN-67-000015 (in versions v1 r6 through v1 r1)
Title
The Photon operating system audit log must have correct permissions. (Cat II impact)
Discussion
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit operating system activity. Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
Check Content
At the command line, execute the following command:

```
# (audit_log_file=$(grep "^log_file" /etc/audit/auditd.conf|sed s/^[^\/]*//) && if [ -f "${audit_log_file}" ] ; then printf "Log(s) found in "${audit_log_file%/*}":\n"; stat -c "%n permissions are %a" ${audit_log_file%}*; else printf "audit log file(s) not found\n"; fi)
```

If the permissions on any audit log file are more permissive than 0600, this is a finding.
Fix Text
At the command line, execute the following command:

```
# chmod 0600 <audit log file>
```

Replace <audit log file> with each log file that is more permissive than 0600.
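The check above prints each log's mode and leaves the comparison to the reader. The following added example (not part of the STIG text) automates that comparison: it reads `log_file` from an auditd.conf-style file and lists every log, rotated ones included, whose mode sets any bit outside 0600. The function names, the choice to treat setuid/setgid/sticky bits as findings, and the temporary sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag audit logs whose mode grants any bit outside 0600.

# audit_log_path CONF: print the log_file value from an auditd.conf-style file.
audit_log_path() {
    sed -n 's/^log_file[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# more_permissive_than_0600 MODE: succeed if octal MODE (as printed by
# stat -c %a) has any bit set outside owner read/write. Special bits
# (setuid/setgid/sticky) are counted too; that is this example's choice.
more_permissive_than_0600() {
    [ $(( 0$1 & ~0600 & 07777 )) -ne 0 ]
}

# audit_log_findings CONF: print "path mode" for each offending log.
# Returns 0 if none, 1 if any finding, 2 if the log file does not exist.
audit_log_findings() {
    log=$(audit_log_path "$1")
    [ -n "$log" ] && [ -f "$log" ] || { echo "audit log file(s) not found" >&2; return 2; }
    rc=0
    for f in "$log"*; do                 # audit.log, audit.log.1, ...
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if more_permissive_than_0600 "$mode"; then
            printf '%s %s\n' "$f" "$mode"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a temporary conf and three logs with modes 600, 640, 400.
demo() {
    d=$(mktemp -d) || return
    printf 'log_file = %s/audit.log\n' "$d" > "$d/auditd.conf"
    : > "$d/audit.log"; : > "$d/audit.log.1"; : > "$d/audit.log.2"
    chmod 0600 "$d/audit.log"; chmod 0640 "$d/audit.log.1"; chmod 0400 "$d/audit.log.2"
    audit_log_findings "$d/auditd.conf" | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

On a real system, run `audit_log_findings /etc/audit/auditd.conf` as root; each printed path is a file to correct with the `chmod 0600` fix above.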
Additional Identifiers
Rule ID: SV-239087r675069_rule
Vulnerability ID: V-239087
Group Title: SRG-OS-000057-GPOS-00027
CCIs
Number | Definition |
---|---|
CCI-000162 | The information system protects audit information from unauthorized access. |
Controls
Number | Title |
---|---|
AU-9 | Protection Of Audit Information |