STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The Ubuntu operating system must configure the audit tools to be group-owned by root.

DISA Rule

SV-219197r610963_rule

Vulnerability Number

V-219197

Group Title

SRG-OS-000256-GPOS-00097

Rule Version

UBTU-18-010130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the audit tools on the Ubuntu operating system to be group-owned by root, by running the following command:

# sudo chgrp root [audit_tool]

Replace "[audit_tool]" with each audit tool not group-owned by root.

Check Contents

Verify the Ubuntu operating system configures the audit tools to be group-owned by root to prevent any unauthorized access, deletion, or modification.

For each of the audit tools:
/sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/audispd, /sbin/augenrules

Check the group-owner of each audit tool by running the following commands:

stat -c "%n %G" /sbin/auditctl

/sbin/auditctl root

If any of the audit tools are not group-owned by root, this is a finding.
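
The check above shows the stat command for one tool only. The following added example (not part of the STIG text) applies the same stat check to all seven listed tools and prints the chgrp fix for each finding. The function name check_audit_tool_group, its expected-group argument, the --check switch and the choice to skip tools that are not installed are assumptions made for this example.

```shell
#!/bin/sh
# Added example: group-ownership check for the audit tools (UBTU-18-010130).
# The tool list is the one given in the Check Contents.
AUDIT_TOOLS="/sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/audispd /sbin/augenrules"

# check_audit_tool_group EXPECTED_GROUP FILE...
# Prints one result line per file.
# Returns 0 when every present file is group-owned by EXPECTED_GROUP, 1 otherwise.
check_audit_tool_group() {
    expected=$1
    shift
    findings=0
    for tool in "$@"; do
        # Assumption: a tool that is not installed is reported, not counted as a finding.
        if [ ! -e "$tool" ]; then
            echo "SKIP    $tool (not present)"
            continue
        fi
        # Same query as the STIG check: stat -c "%n %G" prints the group-owner name.
        if ! group=$(stat -c '%G' "$tool" 2>/dev/null); then
            echo "FINDING $tool (stat failed, group-owner could not be read)"
            findings=1
            continue
        fi
        if [ "$group" = "$expected" ]; then
            echo "OK      $tool $group"
        else
            echo "FINDING $tool $group (fix: sudo chgrp $expected $tool)"
            findings=1
        fi
    done
    return "$findings"
}

# Run the STIG check only when invoked as: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    # Word splitting of AUDIT_TOOLS is intended: one argument per tool path.
    check_audit_tool_group root $AUDIT_TOOLS
    exit $?
fi
```

An exit status of 1 from the --check run means at least one tool is a finding under this rule.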

Documentable

False

Severity Override Guidance

Verify the Ubuntu operating system configures the audit tools to be group-owned by root to prevent any unauthorized access, deletion, or modification.

For each of the audit tools:
/sbin/auditctl, /sbin/aureport, /sbin/ausearch, /sbin/autrace, /sbin/auditd, /sbin/audispd, /sbin/augenrules

Check the group-owner of each audit tool by running the following commands:

stat -c "%n %G" /sbin/auditctl

/sbin/auditctl root

If any of the audit tools are not group-owned by root, this is a finding.

Check Content Reference

M

Target Key

4055
