SV-230401r627750_rule
V-230401
SRG-OS-000057-GPOS-00027
RHEL-08-030120
CAT II
10
Configure the audit log directory to be protected from unauthorized read access by setting its mode to "0700" with the following command:
$ sudo chmod 0700 [audit_log_directory]
Replace "[audit_log_directory]" with the correct audit log directory path; by default this location is "/var/log/audit".
Verify the audit log directories have a mode of "0700" or less permissive by first determining where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the location of the audit log, determine the directory where the audit logs are stored (e.g., "/var/log/audit"). Run the following command to determine the permissions for the audit log directory:
$ sudo stat -c "%a %n" /var/log/audit
700 /var/log/audit
If the audit log directory has a mode more permissive than "0700", this is a finding.
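The check above can be scripted. The following is an added example, not part of the STIG text: the function names are illustrative, and "more permissive than 0700" is read here as any group or other permission bit being set, which a bit mask catches where a numeric comparison would not (0677 is numerically below 0700 yet grants group and other access).

```shell
#!/bin/sh
# Added example: scripted form of the RHEL-08-030120 check.
# Function names are illustrative; GNU stat (as on RHEL 8) is assumed.

# Print the directory holding the audit log, taken from the log_file
# setting of the given auditd.conf (default /etc/audit/auditd.conf).
audit_log_dir() {
    conf=${1:-/etc/audit/auditd.conf}
    log_file=$(awk -F= 'tolower($1) ~ /^[ \t]*log_file[ \t]*$/ {
                   gsub(/^[ \t]+|[ \t]+$/, "", $2); v = $2 }
               END { print v }' "$conf")
    [ -n "$log_file" ] || return 1
    dirname "$log_file"
}

# Succeed when an octal mode sets any group or other permission bit
# (this example's reading of "more permissive than 0700").
mode_exceeds_0700() {
    [ $(( 0$1 & 0077 )) -ne 0 ]
}

# Exit status: 0 = not a finding, 1 = finding, 2 = could not evaluate.
check_audit_dir() {
    dir=$(audit_log_dir "$1") || {
        echo "log_file not found in ${1:-/etc/audit/auditd.conf}" >&2
        return 2
    }
    mode=$(stat -c '%a' "$dir") || return 2
    if mode_exceeds_0700 "$mode"; then
        echo "FINDING: $dir has mode $mode"
        return 1
    fi
    echo "OK: $dir has mode $mode"
}

# Run the check when a config path is given as the first argument.
if [ "$#" -gt 0 ]; then
    check_audit_dir "$1"
fi
```

Run it as root with the path to auditd.conf as its argument, since the audit log directory is not readable by other users once it is correctly configured.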
False
M
2921