SV-99073r1_rule
V-88423
SRG-OS-000063-GPOS-00032
VROM-SL-000250
CAT II
10
Change the group ownership of the /etc/audit/audit.rules.STIG, the /etc/audit/audit.rules.ORIG, and the /etc/audit/audit.rules files (if not a symbolic link):
# chgrp root /etc/audit/audit.rules.STIG
# chgrp root /etc/audit/audit.rules.ORIG
# if [ -f /etc/audit/audit.rules ]; then chgrp root /etc/audit/audit.rules; fi
Or run the following command to implement all logging requirements:
# /etc/dodscript.sh
Check the permissions of the rules files in /etc/audit:
# ls -l /etc/audit/
Note: If /etc/audit/audit.rules is a symbolic link to /etc/audit/audit.rules.STIG, then the check is only applicable to /etc/audit/audit.rules.STIG.
If the group owner is not set to "root", this is a finding.
V-88423
False
VROM-SL-000250
Check the permissions of the rules files in /etc/audit:
# ls -l /etc/audit/
Note: If /etc/audit/audit.rules is a symbolic link to /etc/audit/audit.rules.STIG, then the check is only applicable to /etc/audit/audit.rules.STIG.
If the group owner is not set to "root", this is a finding.
M
3461