UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Photon operating system must protect audit tools from unauthorized modification and deletion.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256523 PHTN-30-000048 SV-256523r887243_rule Medium
Description
Protecting audit information includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information. Satisfies: SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099
STIG Date
VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide 2023-02-21

Details

Check Text ( C-60198r887241_chk )
At the command line, run the following command:

# stat -c "%n is owned by %U and group owned by %G and permissions are %a" /usr/sbin/auditctl /usr/sbin/auditd /usr/sbin/aureport /usr/sbin/ausearch /usr/sbin/autrace

If any file is not owned by root or group-owned by root or permissions are more permissive than "750", this is a finding.
Fix Text (F-60141r887242_fix)
At the command line, run the following command for each file returned for user and group ownership:

# chown root:root

At the command line, run the following command for each file returned for file permissions:

# chmod 750