Detections
Analytics
GEN002710 - All system audit files must not have extended ACLs.
Information
If a user can write to the audit logs, then audit trails can be modified or destroyed and system intrusion may not be detected.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Remove the extended ACL from the system audit file(s) and disable extended permissions.#acledit <directory>/<file> and disable extended permissions
See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-9, CAT|II, CCI|CCI-000163, Rule-ID|SV-38748r1_rule, STIG-ID|GEN002710, Vuln-ID|V-22369
Plugin: Unix
Control ID: 526aeb5834ac8572041445b2959a8f969b6ccfc2b2a4571eb0856fc0aaa06235