STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230399r627750_rule
V-230399
SRG-OS-000057-GPOS-00027
RHEL-08-030100
CAT II
10
Configure the audit log to be protected from unauthorized read access, by setting the correct owner as "root" with the following command:
$ sudo chown root [audit_log_directory]
Replace "[audit_log_directory]" with the correct audit log directory path, by default this location is usually "/var/log/audit".
Verify the audit log directory is owned by "root" to prevent unauthorized read access.
Determine where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Determine the owner of the audit log directory by using the output of the above command (ex: "/var/log/audit/"). Run the following command with the correct audit log directory path:
$ sudo ls -ld /var/log/audit
drw------- 2 root root 23 Jun 11 11:56 /var/log/audit
If the audit log directory is not owned by "root", this is a finding.
V-230399
False
RHEL-08-030100
Verify the audit log directory is owned by "root" to prevent unauthorized read access.
Determine where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Determine the owner of the audit log directory by using the output of the above command (ex: "/var/log/audit/"). Run the following command with the correct audit log directory path:
$ sudo ls -ld /var/log/audit
drw------- 2 root root 23 Jun 11 11:56 /var/log/audit
If the audit log directory is not owned by "root", this is a finding.
M
2921