Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6140 | APP3690 | SV-6140r1_rule | ECTP-1 | Medium |
Description |
---|
Excessive permissions of audit records allow cover up of intrusion or misuse of the application. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-01-07 |
Check Text ( C-2953r1_chk ) |
---|
Locate the application audit log location. Examine the properties of the log files. For a Windows system, the NTFS file permissions should be System – Full control, Administrators and Application Administrators - Read, and Auditors - Full Control. 1) If the log files have permissions more permissive than what is listed, it is a finding. For UNIX systems, use the ls –la (or equivalent) command to check the permissions of the audit log files. 2) If excessive permissions exist, it is a finding. |
Fix Text (F-4432r1_fix) |
---|
Correct permissions on application audit logs. |