STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 6 Security Technical Implementation Guide Version: 1 Release: 24 Benchmark Date: 25 Oct 2019: The system package management tool must verify group-ownership on all files and directories associated with the audit package.

DISA Rule

SV-50466r1_rule

Vulnerability Number

V-38665

Group Title

SRG-OS-000258

Rule Version

RHEL-06-000280

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The RPM package management system can restore file group-ownership of the audit package files and directories. The following command will update audit files with group-ownership different from what is expected by the RPM database:

# rpm --setugids audit

Check Contents

The following command will list which audit files on the system have group-ownership different from what is expected by the RPM database:

# rpm -V audit | grep '^......G'


If there is output, this is a finding.

Vulnerability Number

V-38665

Documentable

False

Rule Version

RHEL-06-000280

Severity Override Guidance

The following command will list which audit files on the system have group-ownership different from what is expected by the RPM database:

# rpm -V audit | grep '^......G'


If there is output, this is a finding.

Check Content Reference

M

Target Key

2367

Comments