SV-238246r653913_rule
V-238246
SRG-OS-000057-GPOS-00027
UBTU-20-010123
CAT II
10
Configure the audit log directory and its underlying files to be owned by the "root" user.
Determine where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, configure the audit log files to be owned by the "root" user by using the following command:
$ sudo chown root /var/log/audit/*
Verify the audit log files are owned by the "root" account.
Determine where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, determine if the audit log files are owned by the "root" user by using the following command:
$ sudo stat -c "%n %U" /var/log/audit/*
/var/log/audit/audit.log root
If the audit log files are owned by a user other than "root", this is a finding.
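The check above, scripted so that the directory is derived from the log_file setting instead of a hardcoded /var/log/audit path. This is an added example, not part of the STIG text; the function names audit_log_dir and audit_log_findings are made up here, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not STIG text. Assumes GNU stat (as on Ubuntu 20.04).
# Usage from a root shell: audit_log_findings   (defaults: auditd.conf, root)

# Print the directory that holds the audit logs, taken from the log_file
# setting in auditd.conf (key matched case-insensitively, like grep -i).
audit_log_dir() {
    path=$(awk '{
        i = index($0, "=")
        if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
        if (key != "log_file") next          # skips "#log_file" comments too
        val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        last = val                           # keep the last setting seen
    } END { if (last == "") exit 1; print last }' "$1") || return 1
    dirname "$path"
}

# Print "<file> <owner>" for every file in the audit log directory that is not
# owned by the expected user. Returns 0 = no finding, 1 = finding, 2 = error.
audit_log_findings() {
    conf=${1:-/etc/audit/auditd.conf}
    want=${2:-root}
    dir=$(audit_log_dir "$conf") || { echo "no log_file in $conf" >&2; return 2; }
    [ -d "$dir" ] || { echo "$dir is not a directory" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue              # empty directory: glob unexpanded
        owner=$(stat -c '%U' "$f")
        if [ "$owner" != "$want" ]; then
            printf '%s %s\n' "$f" "$owner"
            rc=1
        fi
    done
    return "$rc"
}
```

Rotated logs (audit.log.1 and so on) in the same directory are covered by the same glob the manual check uses.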