STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

RHEL 8 audit system must protect logon UIDs from unauthorized change.

DISA Rule

SV-230403r627750_rule

Vulnerability Number

V-230403

Group Title

SRG-OS-000057-GPOS-00027

Rule Version

RHEL-08-030122

Severity

CAT II

CCI(s)

• CCI-000162 - The information system protects audit information from unauthorized access.

Weight

10

Fix Recommendation

Configure the audit system to set the logon UIDs to be immutable by adding the following line to "/etc/audit/rules.d/audit.rules"

--loginuid-immutable

Check Contents

Verify the audit system prevents unauthorized changes to logon UIDs with the following command:

$ sudo grep -i immutable /etc/audit/audit.rules

--loginuid-immutable

If the login UIDs are not set to be immutable by adding the "--loginuid-immutable" option to the "/etc/audit/audit.rules", this is a finding.

Vulnerability Number

V-230403

Documentable

False

Rule Version

RHEL-08-030122

Severity Override Guidance

Verify the audit system prevents unauthorized changes to logon UIDs with the following command:

$ sudo grep -i immutable /etc/audit/audit.rules

--loginuid-immutable

If the login UIDs are not set to be immutable by adding the "--loginuid-immutable" option to the "/etc/audit/audit.rules", this is a finding.

Check Content Reference

M

Target Key

2921

Comments