STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must configure audit tools to be owned by root.

DISA Rule

SV-219196r610963_rule

Vulnerability Number

V-219196

Group Title

SRG-OS-000256-GPOS-00097

Rule Version

UBTU-18-010129

Severity

CAT II

CCI(s)

• CCI-001493 - The information system protects audit tools from unauthorized access.

Weight

10

Fix Recommendation

Configure the audit tools on the Ubuntu operating system to be owned by root, by running the following command:

# sudo chown root [audit_tool]

Replace "[audit_tool]" with each audit tool not owned by root.

Check Contents

Verify the Ubuntu operating system configures the audit tools to be owned by root to prevent any unauthorized access, deletion, or modification.

For each audit tool,
/sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/audispd, /sbin/augenrules

Check the ownership by running the following command:

# stat -c "%n %U" /sbin/auditctl

/sbin/auditctl root

If any of the audit tools are not owned by root, this is a finding.

Vulnerability Number

V-219196

Documentable

False

Rule Version

UBTU-18-010129

Severity Override Guidance

Verify the Ubuntu operating system configures the audit tools to be owned by root to prevent any unauthorized access, deletion, or modification.

For each audit tool,
/sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/audispd, /sbin/augenrules

Check the ownership by running the following command:

# stat -c "%n %U" /sbin/auditctl

/sbin/auditctl root

If any of the audit tools are not owned by root, this is a finding.

Check Content Reference

M

Target Key

4055

Comments