The audit information produced by MarkLogic Server must be protected from unauthorized modification.
Overview
Finding ID | Version | Rule ID | IA Controls | Severity |
V-220350 | ML09-00-002000 | SV-220350r960933_rule | | Medium |
Description |
STIG | Date |
MarkLogic Server v9 Security Technical Implementation Guide | 2024-09-04 |
Details
Check Text (C-22065r401501_chk) |
Review whether controls and permissions are sufficient to protect audit log files from unauthorized access at the operating-system level.
Verify User ownership, Group ownership, and permissions on the "audit" file:
> ls -al /var/opt/MarkLogic/Logs/AuditLog.txt
If the User owner is not "daemon", this is a finding.
If the Group owner is not "daemon", this is a finding.
If the directory is more permissive than 700, this is a finding. |
Fix Text (F-22054r401502_fix) |
Apply controls and modify permissions to protect audit log files from unauthorized access at the operating-system level.
Change owner and group of /var/opt/MarkLogic/Logs to user daemon from the command line with a privileged user:
> chown daemon.daemon /var/opt/MarkLogic/Logs
Change permissions of /var/opt/MarkLogic/Logs to 700 (rwx by owner only) from the command line:
> chmod 700 /var/opt/MarkLogic/Logs |
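The check above can be scripted so that each finding condition is tested the same way every time. This is an added example, not part of the STIG text: it assumes GNU `stat -c`, and the function name `check_audit_path` and its optional owner and group arguments are hypothetical.

```shell
#!/bin/sh
# Added example: report STIG-style findings for a MarkLogic log path.
# Assumes GNU coreutils stat (stat -c). check_audit_path is a hypothetical name.
# Usage: check_audit_path /var/opt/MarkLogic/Logs   (owner/group default to daemon)
# Returns 0 when compliant, 1 when there is at least one finding, 2 on error.

check_audit_path() {
    path=$1
    want_user=${2:-daemon}
    want_group=${3:-daemon}
    findings=0

    if [ ! -e "$path" ]; then
        echo "ERROR: $path does not exist" >&2
        return 2
    fi

    user=$(stat -c %U "$path") || return 2    # owner name
    group=$(stat -c %G "$path") || return 2   # group name
    mode=$(stat -c %a "$path") || return 2    # octal mode, e.g. 700 or 2750

    if [ "$user" != "$want_user" ]; then
        echo "FINDING: $path user owner is '$user', expected '$want_user'"
        findings=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FINDING: $path group owner is '$group', expected '$want_group'"
        findings=1
    fi
    # "More permissive than 700" means any group or other bit is set (mask 077).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FINDING: $path mode is $mode, more permissive than 700"
        findings=1
    fi
    return "$findings"
}
```

Run it as a user that can read the path's metadata, once against the Logs directory and once against AuditLog.txt, since the check text names both.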