STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must protect audit tools from unauthorized access.

DISA Rule

SV-100405r1_rule

Vulnerability Number

V-89755

Group Title

SRG-OS-000256-GPOS-00097

Rule Version

VRAU-SL-000905

Severity

CAT II

CCI(s)

• CCI-001493 - The information system protects audit tools from unauthorized access.

Weight

10

Fix Recommendation

Run the following command to reset audit permissions to the correct values:

sudo rpm --setperms audit-1.8-0.34.26

Check Contents

The following command will list which audit files on the system have permissions different from what is expected by the RPM database:

# rpm -V audit | grep '^.M'

If there is any output, for each file or directory found, compare the RPM-expected permissions with the permissions on the file or directory:

# rpm -q --queryformat "[%{FILENAMES} %{FILEMODES:perms}\n]" audit | grep [filename]
# ls -lL [filename]

If the existing permissions are more permissive than those expected by RPM, this is a finding.

Vulnerability Number

V-89755

Documentable

False

Rule Version

VRAU-SL-000905

Severity Override Guidance

The following command will list which audit files on the system have permissions different from what is expected by the RPM database:

# rpm -V audit | grep '^.M'

If there is any output, for each file or directory found, compare the RPM-expected permissions with the permissions on the file or directory:

# rpm -q --queryformat "[%{FILENAMES} %{FILEMODES:perms}\n]" audit | grep [filename]
# ls -lL [filename]

If the existing permissions are more permissive than those expected by RPM, this is a finding.

Check Content Reference

M

Target Key

3459

Comments