STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

Audit logs on the AIX system must be set to 660 or less permissive.

DISA Rule

SV-215245r508663_rule

Vulnerability Number

V-215245

Group Title

SRG-OS-000057-GPOS-00027

Rule Version

AIX7-00-002015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the permission of the audit log file to "660".

# chmod 660 <auditlog file>

Check Contents

Check that the log files under the audit logging directory have the correct permissions.

The default log file is /audit/trail.

The log file can be set by the "trail" variable in /etc/security/audit/config.

# grep trail /etc/security/audit/config
trail = /audit/trail

# ls -l <auditlog dir>
total 240
-rw-rw---- 1 root system 0 Feb 23 08:44 bin1
-rw-rw---- 1 root system 0 Feb 23 08:44 bin2
-rw-r----- 1 root system 116273 Feb 23 08:44 trail

If any file has a mode more permissive than "660", this is a finding.
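
The check above can be scripted. The following is an added example, not part of the STIG text: it reads the "trail" value from the audit configuration and lists every file in that directory that has a permission bit outside 660. The function names and the scratch directory built with mktemp are assumptions made for the demonstration; on a real system, pass /etc/security/audit/config to check_audit_logs.

```sh
#!/bin/sh
# Added example, not part of the STIG text. Function names are hypothetical.

# Print the "trail" value from the audit config file given as $1.
audit_trail_path() {
    awk -F= '/^[ \t]*trail[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# List regular files under directory $1 with any permission bit outside 660:
# execute for owner, group or other, or read/write for other.
# (setuid, setgid and sticky bits are not examined here.)
too_permissive() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -004 \
        -o -perm -002 -o -perm -001 \) -print
}

# Return 0 if every file beside the trail is 660 or stricter; otherwise
# list the offending files and return 1.
check_audit_logs() {
    trail=$(audit_trail_path "$1")
    [ -n "$trail" ] || trail=/audit/trail   # default named in the check text
    bad=$(too_permissive "$(dirname "$trail")")
    if [ -z "$bad" ]; then
        echo "PASS: no file more permissive than 660"
        return 0
    fi
    echo "FINDING: more permissive than 660:"
    echo "$bad"
    return 1
}

# Constructed sample: a scratch tree standing in for /audit and the config.
demo=$(mktemp -d)
mkdir "$demo/audit"
for f in bin1 bin2 trail; do : > "$demo/audit/$f"; chmod 660 "$demo/audit/$f"; done
chmod 644 "$demo/audit/trail"                      # deliberately too open
printf 'bin:\n\ttrail = %s/audit/trail\n' "$demo" > "$demo/config"

check_audit_logs "$demo/config" || true            # reports audit/trail
chmod 660 "$demo/audit/trail"                      # the fix from the page
check_audit_logs "$demo/config"                    # now passes
rm -rf "$demo"
```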

Documentable

False

Check Content Reference

M

Target Key

4012
