STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021: STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:SV-238251r653928_rule
V-238251
SRG-OS-000063-GPOS-00032
UBTU-20-010135
CAT II
10
Configure "/etc/audit/audit.rules", "/etc/audit/rules.d/*", and "/etc/audit/auditd.conf" files to be owned by root group by using the following command:
$ sudo chown :root /etc/audit/audit*.{rules,conf} /etc/audit/rules.d/*
Verify that "/etc/audit/audit.rules", "/etc/audit/rules.d/*", and "/etc/audit/auditd.conf" files are owned by root group by using the following command:
$ sudo ls -al /etc/audit/ /etc/audit/rules.d/
/etc/audit/:
-rw-r----- 1 root root 804 Nov 25 11:01 auditd.conf
-rw-r----- 1 root root 9128 Dec 27 09:56 audit.rules
-rw-r----- 1 root root 9373 Dec 27 09:56 audit.rules.prev
-rw-r----- 1 root root 127 Feb 7 2018 audit-stop.rules
drwxr-x--- 2 root root 4096 Dec 27 09:56 rules.d
/etc/audit/rules.d/:
-rw-r----- 1 root root 10357 Dec 27 09:56 stig.rules
If the "/etc/audit/audit.rules", "/etc/audit/rules.d/*", or "/etc/audit/auditd.conf" file is owned by a group other than "root", this is a finding.
V-238251
False
UBTU-20-010135
Verify that "/etc/audit/audit.rules", "/etc/audit/rules.d/*", and "/etc/audit/auditd.conf" files are owned by root group by using the following command:
$ sudo ls -al /etc/audit/ /etc/audit/rules.d/
/etc/audit/:
-rw-r----- 1 root root 804 Nov 25 11:01 auditd.conf
-rw-r----- 1 root root 9128 Dec 27 09:56 audit.rules
-rw-r----- 1 root root 9373 Dec 27 09:56 audit.rules.prev
-rw-r----- 1 root root 127 Feb 7 2018 audit-stop.rules
drwxr-x--- 2 root root 4096 Dec 27 09:56 rules.d
/etc/audit/rules.d/:
-rw-r----- 1 root root 10357 Dec 27 09:56 stig.rules
If the "/etc/audit/audit.rules", "/etc/audit/rules.d/*", or "/etc/audit/auditd.conf" file is owned by a group other than "root", this is a finding.
M
5318