GEN002715 - System audit tool executables must be owned by root - '/usr/sbin/auditmerge'

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Change the owner of the system audit tool executables to root.
#chown root <system audit tool executable>

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Rule-ID|SV-38749r1_rule, STIG-ID|GEN002715, Vuln-ID|V-22370

Plugin: Unix

Control ID: 92333df2619c388c4b11f58aae898f17e5ae69dbc1987a388e1182229bd7eb9f