SV-238248r653919_rule
V-238248
SRG-OS-000059-GPOS-00029
UBTU-20-010128
CAT II
10
Configure the audit log directory to have a mode of "0750" or less permissive.
Determine where the audit logs are stored with the following command:
$ sudo grep -iw ^log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, configure the audit log directory to have a mode of "0750" or less permissive by using the following command:
$ sudo chmod -R g-w,o-rwx /var/log/audit
Verify that the audit log directory has a mode of "0750" or less permissive.
Determine where the audit logs are stored with the following command:
$ sudo grep -iw ^log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, determine if the directory has a mode of "0750" or less permissive by using the following command:
$ sudo stat -c "%n %a" /var/log/audit /var/log/audit/*
/var/log/audit 750
/var/log/audit/audit.log 600
If the audit log directory has a mode more permissive than "0750", this is a finding.
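Added example (not part of the STIG text): a scripted form of the check above that reads log_file from auditd.conf and tests the directory mode bit by bit, since "less permissive" is a bit-subset test and not a numeric one. The function names are illustrative, and only the rwx bits are compared.

```shell
#!/bin/sh
# Added example; the function names are illustrative, not part of the STIG.

# Print the directory holding the file named by log_file in auditd.conf.
audit_log_dir() {
    conf=${1:-/etc/audit/auditd.conf}
    path=$(grep -iw '^log_file' "$conf" 2>/dev/null | tail -n 1 |
           sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$path" ] || return 1
    dirname "$path"
}

# Succeed only if octal MODE ($1) grants no rwx bit that LIMIT ($2) lacks.
# A numeric comparison is wrong here: 707 < 750, yet 707 gives "other" rwx.
mode_within() {
    mode=$(( 0$1 & 0777 ))
    limit=$(( 0$2 & 0777 ))
    [ $(( mode & ~limit & 0777 )) -eq 0 ]
}

# Return 0 = compliant, 1 = finding, 2 = could not evaluate.
check_audit_dir() {
    dir=$(audit_log_dir "$1") || { echo "log_file not found" >&2; return 2; }
    mode=$(stat -c '%a' "$dir") || return 2
    if mode_within "$mode" 750; then
        echo "PASS $dir $mode"
    else
        echo "FINDING $dir $mode"
        return 1
    fi
}

# Usage (as root): check_audit_dir /etc/audit/auditd.conf
```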
False
M
5318