STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Audit logs on the AIX system must be group-owned by system.

DISA Rule

SV-215244r508663_rule

Vulnerability Number

V-215244

Group Title

SRG-OS-000057-GPOS-00027

Rule Version

AIX7-00-002014

Severity

CAT II

CCI(s)

• CCI-000164 - The information system protects audit information from unauthorized deletion.
• CCI-000162 - The information system protects audit information from unauthorized access.
• CCI-000163 - The information system protects audit information from unauthorized modification.

Weight

10

Fix Recommendation

Set the group of the audit log file to "system".
# chgrp system <auditlog file>

Check Contents

Check the log files under the audit logging directory have correct group ownership.

The default log file is /audit/trail.

The log file can be set by the "trail" variable in /etc/security/audit/config.
# grep trail /etc/security/audit/config
trail = /audit/trail

# ls -l <auditlog dir>
total 240
-rw-rw---- 1 root system 0 Feb 23 08:44 bin1
-rw-rw---- 1 root system 0 Feb 23 08:44 bin2
-rw-r----- 1 root system 116273 Feb 23 08:44 trail

If any file's group ownership is not "system", this is a finding.

Vulnerability Number

V-215244

Documentable

False

Rule Version

AIX7-00-002014

Severity Override Guidance

Check the log files under the audit logging directory have correct group ownership.

The default log file is /audit/trail.

The log file can be set by the "trail" variable in /etc/security/audit/config.
# grep trail /etc/security/audit/config
trail = /audit/trail

# ls -l <auditlog dir>
total 240
-rw-rw---- 1 root system 0 Feb 23 08:44 bin1
-rw-rw---- 1 root system 0 Feb 23 08:44 bin2
-rw-r----- 1 root system 116273 Feb 23 08:44 trail

If any file's group ownership is not "system", this is a finding.

Check Content Reference

M

Target Key

4012

Comments