CCE-94279-7Platform: cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2019-11-07 (M)2023-07-04 |
Add the following to '/etc/audit/audit.rules' in order
to make the configuration immutable:
'-e 2'
With this setting, a reboot will be required to change any
audit rules.
Parameter:
[Immutable]
Technical Mechanism:
Making the audit configuration immutable prevents accidental as
well as malicious modification of the audit rules, although it may be
problematic if legitimate changes are needed during system
operation
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.3 | Attack Vector: LOCAL |
Exploit Score: 2.5 | Attack Complexity: LOW |
Impact Score: 4.7 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: HIGH |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72173 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:55720 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84048 |