Detections
Analytics
AZLX-23-005000 - Amazon Linux 2023 audit system must protect logon user identifiers (UIDs) from unauthorized change.
Information
If modification of login UIDs is not prevented, they can be changed by nonprivileged users and make auditing complicated or impossible.Satisfies: SRG-OS-000462-GPOS-00206, SRG-OS-000475-GPOS-00220, SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029
Solution
Configure Amazon Linux 2023 auditing to prevent modification of login UIDs once they are set by adding the following line to /etc/audit/rules.d/audit.rules:--loginuid-immutable
To load the rules to the kernel immediately, use the following command:
$ sudo augenrules --load
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Amazon_Linux_2023_V1R2_STIG.zip
Item Details
Audit Name: DISA Amazon Linux 2023 STIG v1r2
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-9, 800-53|AU-12c., CAT|II, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-000172, Rule-ID|SV-274187r1120715_rule, STIG-ID|AZLX-23-005000, Vuln-ID|V-274187
Plugin: Unix
Control ID: ba52ff895d90f2ee9291ca4cb3dc9f4f666dc0de195a0f8d683b995b7f7a73d7