STIGQter STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 1 Release: 17 Benchmark Date: 25 Oct 2019: The audit system must be configured to audit changes to the /etc/sudoers file.

DISA Rule

SV-65345r2_rule

Vulnerability Number

V-51135

Group Title

SRG-OS-000064

Rule Version

OL6-00-000201

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

At a minimum, the audit system should collect administrator actions for all users and root. Add the following to "/etc/audit/audit.rules":

-w /etc/sudoers -p wa -k actions

Check Contents

To verify that auditing is configured for system administrator actions, run the following command:

$ sudo grep -w "/etc/sudoers" /etc/audit/audit.rules

If the system is configured to watch for changes to its sudoers configuration, a line should be returned (including "-p wa" indicating permissions that are watched).

If there is no output, this is a finding.

Vulnerability Number

V-51135

Documentable

False

Rule Version

OL6-00-000201

Severity Override Guidance

To verify that auditing is configured for system administrator actions, run the following command:

$ sudo grep -w "/etc/sudoers" /etc/audit/audit.rules

If the system is configured to watch for changes to its sudoers configuration, a line should be returned (including "-p wa" indicating permissions that are watched).

If there is no output, this is a finding.

Check Content Reference

M

Target Key

2208

Comments