SV-219230r610963_rule
V-219230
SRG-OS-000058-GPOS-00028
UBTU-18-010307
CAT II
10
Configure the audit log files to be owned by the "root" group.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, configure the audit log files to be owned by the "root" group by using the following command:
# sudo chown :root /var/log/audit/*
Verify that the audit log files are owned by the "root" group.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" group by using the following command:
# sudo stat -c "%n %G" /var/log/audit/*
/var/log/audit/audit.log root
If the audit log files are owned by a group other than "root", this is a finding.
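The check above as one script, added here as an example and not part of the STIG text: it reads log_file from auditd.conf and lists every file in that directory whose group is not the expected one. The function names and the `--check` argument are this example's own, and `stat -c` assumes GNU coreutils, as in the check text.

```shell
#!/bin/sh
# Added example: automates the two-step check (locate the log, inspect group ownership).

# Print the log_file value from an auditd.conf-style file.
# Matches the key case-insensitively and skips commented-out lines.
audit_log_path() {
    awk -F= 'tolower($1) ~ /^[ \t]*log_file[ \t]*$/ {
                 v = $0
                 sub(/^[^=]*=[ \t]*/, "", v)   # drop "key ="
                 sub(/[ \t]+$/, "", v)         # drop trailing blanks
                 print v
                 exit
             }' "$1"
}

# Print "<file> <group>" for each regular file in the audit log directory
# whose group differs from the expected one (default: root).
# Returns 0 when there is no finding, 1 on a finding, 2 if log_file is unset.
audit_log_group_findings() {
    conf=$1
    expected=${2:-root}
    log_file=$(audit_log_path "$conf")
    [ -n "$log_file" ] || { echo "log_file not set in $conf" >&2; return 2; }
    log_dir=$(dirname "$log_file")
    status=0
    for f in "$log_dir"/*; do
        [ -f "$f" ] || continue
        group=$(stat -c '%G' "$f")
        if [ "$group" != "$expected" ]; then
            echo "$f $group"
            status=1
        fi
    done
    return $status
}

# Run as root: sh check_audit_group.sh --check [path-to-auditd.conf]
if [ "${1:-}" = "--check" ]; then
    audit_log_group_findings "${2:-/etc/audit/auditd.conf}" root
fi
```

Any line of output is a finding; an empty result with exit status 0 means every audit log file is group-owned by "root".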