Determine where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, determine
if the audit log files have a mode of "600" or less by using the following command:
$ sudo stat -c "%n %a" /var/log/audit/*