GEN002717 - System audit tool executables must have mode 0750 or less permissive - '/sbin/audispd'

Information

To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.

Solution

Change the mode of the audit tool executable to 0750, or less permissive.
# chmod 0750 [audit tool executable]

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Audit Name: DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|III, CCI|CCI-001493, Group-ID|V-22372, Rule-ID|SV-26510r1_rule, STIG-ID|GEN002717, Vuln-ID|V-22372

Plugin: Unix

Control ID: b5f5f5354cace98930d62f29a05c587569317ee722233f92560a64e87f8c0d07