The designer and IAO will ensure the audit trail is readable only by the application and auditors and protected against modification and deletion by unauthorized individuals.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6140 | APP3690 | SV-6140r1_rule | ECTP-1 | Medium |
| Description |
|---|
| Excessive permissions of audit records allow cover up of intrusion or misuse of the application. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-2953r1_chk ) |
|---|
| Locate the application audit log location. Examine the properties of the log files. For a Windows system, the NTFS file permissions should be System – Full control, Administrators and Application Administrators - Read, and Auditors - Full Control. 1) If the log files have permissions more permissive than what is listed, it is a finding. For UNIX systems, use the ls –la (or equivalent) command to check the permissions of the audit log files. 2) If excessive permissions exist, it is a finding. |
| Fix Text (F-4432r1_fix) |
|---|
| Correct permissions on application audit logs. |