SV-226595r603265_rule
V-226595
SRG-OS-000256
GEN002716
CAT III
10
Change the group-owner of the audit tool executable to root, bin, or sys.
Procedure:
# chgrp root <audit tool executable>
Verify the audit tool executables are group-owned by root, bin, or sys.
Procedure:
# ls -lL /usr/sbin/auditd /usr/sbin/audit /usr/sbin/bsmrecord /usr/sbin/auditreduce /usr/sbin/praudit /usr/sbin/auditconfig
If any listed file is not group-owned by root, bin, or sys, this is a finding.
V-226595
False
GEN002716
Verify the audit tool executables are group-owned by root, bin, or sys.
Procedure:
# ls -lL /usr/sbin/auditd /usr/sbin/audit /usr/sbin/bsmrecord /usr/sbin/auditreduce /usr/sbin/praudit /usr/sbin/auditconfig
If any listed file is not group-owned by root, bin, or sys, this is a finding.
M
4060