Detections
Analytics

1.127 RHEL-09-232103

Information

RHEL 9 "/etc/audit/" must be owned by root.

GROUP ID: V-270175
RULE ID: SV-270175r1044964

The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.

Solution

Change the owner of the file "/etc/audit/" to "root" by running the following command:

$ sudo chown root /etc/audit/

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, CCI|CCI-000162, Rule-ID|SV-270175r1044964_rule, STIG-ID|RHEL-09-232103, Vuln-ID|V-270175

Plugin: Unix

Control ID: 438c0dbedda327d2202fc0b6145c235bce8d29fa42f199c49dbd61ed72cb912f