GEN002716 - System audit tool executables must be group-owned by bin, sys, or system - '/usr/sbin/auditstream'

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Change the group owner of system audit tool executables to root, bin, sys, or system.
Procedure:
# chgrp system < system audit tool executable>

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Rule-ID|SV-38906r1_rule, STIG-ID|GEN002716, Vuln-ID|V-22371

Plugin: Unix

Control ID: 135ff4183f995bc2850ca90d878da735134aa3f2b6f07c4b4842f7dc2954cf7a