UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer and IAO will ensure the audit trail is readable only by the application and auditors and protected against modification and deletion by unauthorized individuals.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6140 APP3690 SV-6140r1_rule ECTP-1 Medium
Description
Excessive permissions of audit records allow cover up of intrusion or misuse of the application.
STIG Date
Application Security and Development STIG 2014-04-03

Details

Check Text ( C-2953r1_chk )
Locate the application audit log location. Examine the properties of the log files.

For a Windows system, the NTFS file permissions should be System – Full control, Administrators and Application Administrators - Read, and Auditors - Full Control.

1) If the log files have permissions more permissive than what is listed, it is a finding.

For UNIX systems, use the ls –la (or equivalent) command to check the permissions of the audit log files.

2) If excessive permissions exist, it is a finding.
Fix Text (F-4432r1_fix)
Correct permissions on application audit logs.