Detections
Analytics
RHEL-09-232104 - RHEL 9 "/etc/audit/" must be group-owned by root.
Information
The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.Solution
Change the group of the file "/etc/audit/" to "root" by running the following command:$ sudo chgrp root /etc/audit/
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V2R8_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 9 STIG v2r8
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-9, CAT|II, CCI|CCI-000162, Rule-ID|SV-270176r1137691_rule, STIG-ID|RHEL-09-232104, Vuln-ID|V-270176
Plugin: Unix
Control ID: 8306c794eefdcced38bce3975af59cb4c9d2ed6f9ffd54cfd4dab574e23a1442