UCF STIG Viewer Logo

System audit tool executables must be owned by root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22370 GEN002715 SV-38749r1_rule ECLP-1 Low
Description
To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.
STIG Date
AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2014-10-03

Details

Check Text ( C-37197r1_chk )
Determine if the system audit tool executables are owned by root. Audit tools include, but are not limited to, audit, auditcat, auditconv, auditpr, auditselect, auditstream, auditbin, and auditmerge.

Procedure:
ls -lL `which `

If any system audit tool executable is not owned by root, this is a finding.
Fix Text (F-32467r1_fix)
Change the owner of the system audit tool executables to root.
#chown root