Details
The audit log files _MUST_ not contain access control lists (ACLs).
This rule ensures that audit information and audit files are configured to be readable and writable only by system administrators, thereby preventing unauthorized access, modification, and deletion of files.
Solution
Run the following bash code
/bin/chmod -RN $(/usr/bin/awk -F: '/^dir/{print $2}' /etc/security/audit_control)
----
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability, System and Information Integrity.This control applies to the following type of system Unix.
References
- 800-53|AU-9
- 800-53|SI-11
- 800-53|SI-11b.
- CCE|CCE-84701-2, CCI|CCI-000162
- CCI|CCI-001314
- STIG-ID|AOSX-15-000030