RHEL 9 "/etc/audit/" must be owned by root.
An XCCDF Rule
Description
The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.
- ID
- SV-270175r1044964_rule
- Version
- RHEL-09-232103
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Change the owner of the file "/etc/audit/" to "root" by running the following command:
$ sudo chown root /etc/audit/