The Photon operating system must protect audit tools from unauthorized modification and deletion.

An XCCDF Rule

Description

<VulnDiscussion>Protecting audit information includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information. Satisfies: SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256523r887243_rule
Severity: Medium
References: CCI-001494 CCI-001495
Updated: 8 months ago

At the command line, run the following command for each file returned for user and group ownership:

# chown root:root <file>

At the command line, run the following command for each file returned for file permissions:
# chmod 750 <file>

The Photon operating system must protect audit tools from unauthorized modification and deletion.

Description

Remediation - Manual Procedure