RHEL 9 "/etc/audit/" must be group-owned by root.
An XCCDF Rule
Description
The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.
- ID
- SV-270176r1044967_rule
- Version
- RHEL-09-232104
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Change the group of the file "/etc/audit/" to "root" by running the following command:
$ sudo chgrp root /etc/audit/