
System audit tool executables must not have extended ACLs.


Overview

Finding ID: V-22373
Version: GEN002718
Rule ID: SV-38779r1_rule
IA Controls: ECLP-1
Severity: Low
Description
To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.
STIG: Draft AIX Security Technical Implementation Guide
Date: 2011-08-17

Details

Check Text (C-37202r1_chk)
Determine if system audit tool executables have extended ACLs. Audit tools include, but are not limited to, audit, auditcat, auditconv, auditpr, auditselect, auditstream, auditbin, and auditmerge.
Procedure:
# aclget <audit tool executable>
Check if extended permissions are disabled. If extended permissions are not disabled, this is a finding.
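
The check above can be scripted across the listed tools. The following is an added example, not part of the STIG text: it parses the "extended permissions" section of AIXC-format aclget output and treats anything other than "disabled" as a finding. The /usr/sbin location, the function names and the sample outputs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not STIG text). Tool names are from the check text;
# the /usr/sbin location is an assumption, override with AUDIT_DIR.
AUDIT_TOOLS="audit auditcat auditconv auditpr auditselect auditstream auditbin auditmerge"
AUDIT_DIR="${AUDIT_DIR:-/usr/sbin}"

# Constructed samples of AIXC-format aclget output, for offline use.
SAMPLE_CLEAN='attributes:
base permissions
    owner(root):  r-x
    others:  ---
extended permissions
    disabled'
SAMPLE_FINDING='attributes:
base permissions
    owner(root):  r-x
    others:  ---
extended permissions
    enabled
    permit   r-x     u:constructeduser'

# Read aclget output on stdin; print disabled, enabled or unknown.
ext_acl_state() {
    awk '
        /^extended permissions/ { in_ext = 1; next }
        in_ext && NF { state = ($1 == "disabled") ? "disabled" : "enabled"; exit }
        END { if (state == "") state = "unknown"; print state }
    '
}

# Return 0 when FILE has extended permissions disabled, 1 otherwise.
check_tool() {
    state=$(aclget "$1" 2>/dev/null | ext_acl_state)
    if [ "$state" = "disabled" ]; then
        echo "OK       $1"
    else
        echo "FINDING  $1 (extended permissions: $state)"
        return 1
    fi
}

# Run the sweep only where aclget exists (AIX).
if command -v aclget >/dev/null 2>&1; then
    for t in $AUDIT_TOOLS; do
        [ -e "$AUDIT_DIR/$t" ] && check_tool "$AUDIT_DIR/$t"
    done
fi
```

A state of "unknown" means no "extended permissions" section was found (for example, aclget failed or the file uses a different ACL type) and the file needs manual review.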
Fix Text (F-32469r1_fix)
Remove the extended ACL from the system audit tool executable(s) and disable extended permissions.

# acledit <audit tool executable>