UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access permissions for event logs must conform to minimum requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1077 2.001 SV-29200r2_rule ECTP-1 Medium
Description
Event logs are susceptible to unauthorized, and possibly anonymous, tampering if proper access permissions are not applied.
STIG Date
Windows 2003 Domain Controller Security Technical Implementation Guide 2015-06-03

Details

Check Text ( C-51979r1_chk )
Verify the permissions for the Windows event logs.
If the permissions for these files are not as restrictive as the permissions listed below, this is a finding.

The event log files "AppEvent.Evt," "SecEvent.Evt," and "SysEvent.Evt" are found in the "%SystemRoot%\SYSTEM32\CONFIG" directory by default. They may have been moved to another folder.

Administrators - Read & Execute
"Auditors" group - Full Control
SYSTEM - Full Control

Note: See V-1137 for the Auditors group requirement.
Fix Text (F-53859r1_fix)
Configure the access permissions on the event logs to the following:

The event log files "AppEvent.Evt," "SecEvent.Evt," and "SysEvent.Evt" are found in the "%SystemRoot%\SYSTEM32\CONFIG" directory by default. They may have been moved to another folder.

Administrators - Read & Execute
"Auditors" group - Full Control
SYSTEM - Full Control