SV-226597r603265_rule
V-226597
SRG-OS-000256
GEN002718
CAT III
10
Remove the extended ACL from the file.
# chmod A- [audit file]
Check the permissions of audit tool executables.
# ls -l /usr/sbin/auditd /usr/sbin/audit /usr/sbin/bsmrecord /usr/sbin/auditreduce /usr/sbin/praudit /usr/sbin/auditconfig
If the permissions include a "+", the file has an extended ACL and this is a finding.
V-226597
False
GEN002718
Check the permissions of audit tool executables.
# ls -l /usr/sbin/auditd /usr/sbin/audit /usr/sbin/bsmrecord /usr/sbin/auditreduce /usr/sbin/praudit /usr/sbin/auditconfig
If the permissions include a "+", the file has an extended ACL and this is a finding.
M
4060