Detections
Analytics
RHEL-10-400195 - RHEL 10 must enforce root ownership of the "/etc/audit/" directory.
Information
The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.Solution
Configure RHEL 10 so that the "/etc/audit/" directory is owned by "root" with the following command:$ sudo chown root /etc/audit/
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-12b., CAT|II, CCI|CCI-000171, Rule-ID|SV-281056r1165523_rule, STIG-ID|RHEL-10-400195, Vuln-ID|V-281056
Plugin: Unix
Control ID: eb9ebe77ff3878666fe5ddd2100a1beb08d0e4e81f4997352f8d9c885ac27da7