STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Audit logs on the AIX system must be owned by root.

DISA Rule

SV-215243r508663_rule

Vulnerability Number

V-215243

Group Title

SRG-OS-000057-GPOS-00027

Rule Version

AIX7-00-002013

Severity

CAT II

CCI(s)

• CCI-000162 - The information system protects audit information from unauthorized access.
• CCI-000163 - The information system protects audit information from unauthorized modification.
• CCI-000164 - The information system protects audit information from unauthorized deletion.

Weight

10

Fix Recommendation

Set the owner of the audit log file to "root".
# chown root <auditlog file>

Check Contents

Check the log files under the audit logging directory have correct ownership.

The default log file is /audit/trail.

The log file can be set by the "trail" variable in /etc/security/audit/config.
# grep trail /etc/security/audit/config
trail = /audit/trail

# ls -l <auditlog dir>
total 240
-rw-rw---- 1 root system 0 Feb 23 08:44 bin1
-rw-rw---- 1 root system 0 Feb 23 08:44 bin2
-rw-r----- 1 root system 116273 Feb 23 08:44 trail

If any file's ownership is not "root", this is a finding.

Vulnerability Number

V-215243

Documentable

False

Rule Version

AIX7-00-002013

Severity Override Guidance

Check the log files under the audit logging directory have correct ownership.

The default log file is /audit/trail.

The log file can be set by the "trail" variable in /etc/security/audit/config.
# grep trail /etc/security/audit/config
trail = /audit/trail

# ls -l <auditlog dir>
total 240
-rw-rw---- 1 root system 0 Feb 23 08:44 bin1
-rw-rw---- 1 root system 0 Feb 23 08:44 bin2
-rw-r----- 1 root system 116273 Feb 23 08:44 trail

If any file's ownership is not "root", this is a finding.

Check Content Reference

M

Target Key

4012

Comments