STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

System audit logs must be owned by root.

DISA Rule

SV-226590r603265_rule

Vulnerability Number

V-226590

Group Title

SRG-OS-000057

Rule Version

GEN002680

Severity

CAT II

CCI(s)

CCI-000162 - The information system protects audit information from unauthorized access.

Weight

Fix Recommendation

Change the ownership of the audit log file(s).

Procedure:
# chown root <audit log file>

Check Contents

Perform the following to determine the location of audit logs and then check the ownership.
# more /etc/security/audit_control
# ls -lLa <audit log dir>
If any audit log file is not owned by root, this is a finding.

Vulnerability Number

V-226590

Documentable

False

Rule Version

GEN002680

Severity Override Guidance

Check Content Reference

Target Key

4060

System audit logs must be owned by root.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments