Check: PHTN-67-000050
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000050
(in versions v1 r6 through v1 r1)
Title
The Photon operating system audit files and directories must have correct permissions. (Cat II impact)
Discussion
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information.
Check Content
At the command line, execute the following command:
# stat -c "%n is owned by %U and group owned by %G" /usr/sbin/auditctl /usr/sbin/auditd /usr/sbin/aureport /usr/sbin/ausearch /usr/sbin/autrace
If any file is not owned by root and group owned by root, this is a finding.
Fix Text
At the command line, execute the following command for each file returned:
# chown root:root <file>
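The check above can be scripted so that it prints only the non-compliant files and returns a status a compliance job can act on. This is an added example, not part of the STIG text; the function names and the "NOT CHECKED" handling of files that cannot be read with stat are assumptions of this example.

```shell
#!/bin/sh
# Added example: scripted form of the PHTN-67-000050 ownership check.
# Function names are hypothetical; the paths come from the check content.

AUDIT_TOOLS="/usr/sbin/auditctl /usr/sbin/auditd /usr/sbin/aureport /usr/sbin/ausearch /usr/sbin/autrace"

# Print "owner group path" for each argument.
# A path that stat cannot read is emitted as "- - path" so it is not silently dropped.
collect_owner_lines() {
    for f in "$@"; do
        stat -c '%U %G %n' "$f" 2>/dev/null || echo "- - $f"
    done
}

# Read "owner group path" lines on stdin.
# Prints one line per finding and returns 1 if any file is not root:root.
evaluate_owner_lines() {
    rc=0
    while read -r user group path; do
        [ -n "$user" ] || continue
        if [ "$user" = "-" ]; then
            # Assumption: the STIG does not define a missing tool as a finding,
            # so it is reported for manual review without changing the status.
            echo "NOT CHECKED: $path (stat failed)"
        elif [ "$user" != "root" ] || [ "$group" != "root" ]; then
            echo "FINDING: $path is owned by $user and group owned by $group"
            rc=1
        fi
    done
    return $rc
}

# Run the check against the five audit tools named in the STIG.
# AUDIT_TOOLS is left unquoted on purpose so it splits into separate paths.
check_audit_tools() {
    collect_owner_lines $AUDIT_TOOLS | evaluate_owner_lines
}

# Usage: check_audit_tools || echo "PHTN-67-000050: open finding"
```

Each FINDING line names a file to pass to the chown command in the Fix Text.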
Additional Identifiers
Rule ID: SV-239121r675171_rule
Vulnerability ID: V-239121
Group Title: SRG-OS-000256-GPOS-00097
CCIs
Number | Definition |
---|---|
CCI-001493 | The information system protects audit tools from unauthorized access. |
Controls
Number | Title |
---|---|
AU-9 | Protection Of Audit Information |