UCF STIG Viewer Logo

The system package management tool must verify group-ownership on all files and directories associated with the audit package.


Overview

Finding ID Version Rule ID IA Controls Severity
V-209016 OL6-00-000280 SV-209016r793737_rule Medium
Description
Group-ownership of audit binaries and configuration files that is incorrect could allow an unauthorized user to gain privileges that they should not have. The group-ownership set by the vendor should be maintained. Any deviations from this baseline should be investigated.
STIG Date
Oracle Linux 6 Security Technical Implementation Guide 2021-12-03

Details

Check Text ( C-9269r357833_chk )
The following command will list which audit files on the system have group-ownership different from what is expected by the RPM database:

# rpm -V audit | grep '^......G'

If there is output, this is a finding.
Fix Text (F-9269r357834_fix)
The RPM package management system can restore file group-ownership of the audit package files and directories. The following command will update audit files with group-ownership different from what is expected by the RPM database:

# rpm --setugids audit