Check: PHTN-67-000049
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000049
(in versions v1 r6 through v1 r1)
Title
The Photon operating system audit files and directories must have correct permissions. (Cat II impact)
Discussion
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information.
Check Content
At the command line, execute the following command: # stat -c "%n is owned by %U and group owned by %G" /etc/audit/auditd.conf If auditd.conf is not owned by root and group owned by root, this is a finding.
Fix Text
At the command line, execute the following command: # chown root:root /etc/audit/auditd.conf
Additional Identifiers
Rule ID: SV-239120r675168_rule
Vulnerability ID: V-239120
Group Title: SRG-OS-000256-GPOS-00097
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001493 |
The information system protects audit tools from unauthorized access. |
Controls
Number | Title |
---|---|
AU-9 |
Protection Of Audit Information |