Detections
Analytics
RHEL-10-400170 - RHEL 10 must enforce "root" ownership of the audit log directory to prevent unauthorized read access.
Information
Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029, SRG-OS-000206-GPOS-00084
Solution
Configure RHEL 10 to prevent unauthorized read access by ensuring the audit log directory is "root" owned with the following command:$ sudo chown root /var/log/audit
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
References: 800-53|AU-9, 800-53|SI-11b., CAT|II, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-001314, Rule-ID|SV-281051r1165508_rule, STIG-ID|RHEL-10-400170, Vuln-ID|V-281051
Plugin: Unix
Control ID: ab7b1d1bf389a91bcef368934e0c764860754a747a049f7fdd60ed647818a120