GEN000000-SOL00100 - The /etc/security/audit_user file must have mode 0640 or less permissive.

Information

Audit_user is a sensitive file that, if compromised, would allow a malicious user to select auditing parameters to ignore his sessions. This would allow malicious operations the auditing subsystem would not log for that user.

Solution

Change the mode of the audit_user file to 0640.
# chmod 0640 /etc/security/audit_user

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R2_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, CCI|CCI-000162, Rule-ID|SV-226409r603265_rule, STIG-ID|GEN000000-SOL00100, STIG-Legacy|SV-4245, STIG-Legacy|V-4245, Vuln-ID|V-226409

Plugin: Unix

Control ID: 7af08f7c87525b40ebb9725749aa1df34f2f8c25fc9d13509354703fb68b78f7