Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Access permissions for event logs must conform to minimum requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1077 | 2.001 | SV-29200r2_rule | ECTP-1 | Medium |
| Description |
|---|
| Event logs are susceptible to unauthorized, and possibly anonymous, tampering if proper access permissions are not applied. |
| STIG | Date |
|---|---|
| Windows 2003 Domain Controller Security Technical Implementation Guide | 2014-06-27 |
Details
| Check Text ( C-51979r1_chk ) |
|---|
| Verify the permissions for the Windows event logs. If the permissions for these files are not as restrictive as the permissions listed below, this is a finding. The event log files "AppEvent.Evt," "SecEvent.Evt," and "SysEvent.Evt" are found in the "%SystemRoot%\SYSTEM32\CONFIG" directory by default. They may have been moved to another folder. Administrators - Read & Execute "Auditors" group - Full Control SYSTEM - Full Control Note: See V-1137 for the Auditors group requirement. |
| Fix Text (F-53859r1_fix) |
|---|
| Configure the access permissions on the event logs to the following: The event log files "AppEvent.Evt," "SecEvent.Evt," and "SysEvent.Evt" are found in the "%SystemRoot%\SYSTEM32\CONFIG" directory by default. They may have been moved to another folder. Administrators - Read & Execute "Auditors" group - Full Control SYSTEM - Full Control |