
The /etc/security/audit_user file must have mode 0640 or less permissive.


Overview

Finding ID: V-4245
Version: GEN000000-SOL00100
Rule ID: SV-4245r2_rule
IA Controls: ECLP-1
Severity: Medium
Description
The audit_user file is sensitive: if compromised, it would allow a malicious user to select auditing parameters that ignore their own sessions. The auditing subsystem would then not log malicious operations performed by that user.
STIG: Solaris 10 X86 Security Technical Implementation Guide
Date: 2014-07-09

Details

Check Text (C-8285r2_chk)
Check /etc/security/audit_user permissions.

# ls -lL /etc/security/audit_user

If /etc/security/audit_user is more permissive than 0640, this is a finding.
Fix Text (F-4156r2_fix)
Change the mode of the audit_user file to 0640.
# chmod 0640 /etc/security/audit_user
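
The check above, automated as an added example (not part of the STIG text). "More permissive than 0640" is a bitwise test rather than a numeric one, and the script also catches setuid, setgid and sticky bits. The function names are this example's own, and it assumes a shell with POSIX arithmetic and octal constants, such as bash (the legacy Bourne /bin/sh on Solaris 10 lacks $(( ))).

```shell
# Added example, not STIG text. Function names are this example's own.
# Assumes a shell with POSIX arithmetic and octal constants (e.g. bash).

# Convert the permission field of `ls -lL` (e.g. "-rw-r-----") to octal.
perm_to_octal() {
    perms=$1 mode=0 pos=2
    for bit in 0400 0200 0100 040 020 010 04 02 01; do
        ch=$(printf '%s' "$perms" | cut -c"$pos")
        case $pos$ch in
            *[rwx]) mode=$((mode | $bit)) ;;
            4s)     mode=$((mode | 04000 | $bit)) ;;  # setuid + execute
            4S)     mode=$((mode | 04000)) ;;         # setuid only
            7s)     mode=$((mode | 02000 | $bit)) ;;  # setgid + execute
            7[Sl])  mode=$((mode | 02000)) ;;         # setgid / mandatory lock
            10t)    mode=$((mode | 01000 | $bit)) ;;  # sticky + execute
            10T)    mode=$((mode | 01000)) ;;         # sticky only
        esac
        pos=$((pos + 1))
    done
    printf '%04o\n' "$mode"
}

# Succeed (exit 0) when ACTUAL ($1) sets any bit that MAX ($2) does not allow.
# Numeric comparison is wrong here: 0604 < 0640 yet grants read to "other".
exceeds_mode() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# Run the STIG check: 0 = compliant, 1 = finding, 2 = file missing.
check_audit_user() {
    file=${1:-/etc/security/audit_user}
    [ -e "$file" ] || { echo "MISSING $file"; return 2; }
    # cut -c1-10 drops a trailing ACL marker such as "+".
    actual=$(perm_to_octal "$(ls -lL "$file" | cut -c1-10)")
    if exceeds_mode "$actual" 0640; then
        echo "FINDING $file has mode $actual (limit 0640)"
        return 1
    fi
    echo "OK $file has mode $actual"
}
```

Source the file and call `check_audit_user` as a user who can list /etc/security; pass a path as the first argument to check a different file.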