UCF STIG Viewer Logo

The /etc/security/audit_user file must have mode 0640 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-226409 GEN000000-SOL00100 SV-226409r603265_rule Medium
Description
Audit_user is a sensitive file that, if compromised, would allow a malicious user to select auditing parameters to ignore his sessions. This would allow malicious operations the auditing subsystem would not log for that user.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2022-09-07

Details

Check Text ( C-28570r482582_chk )
Check /etc/security/audit_user permissions.

# ls -lL /etc/security/audit_user

If /etc/security/audit_user is more permissive than 0640, this is a finding.
Fix Text (F-28558r482583_fix)
Change the mode of the audit_user file to 0640.
# chmod 0640 /etc/security/audit_user