Verify the permissions of the audit configuration files
The permissions of the audit configuration files must be 0555 or less.
[Permission_555]
In /etc/security, audit_class, audit_control, audit_event, audit_warn, and audit_user permissions set via chmod.
oval:org.secpod.oval:def:24629
SCAP Repo OVAL Definition
2015-06-11