SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CCE

CCE-95723-3

Platform: cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04

Description:The operating system must generate audit records for successful/unsuccessful uses of the chcon command.Rationale:The chcon command is used to change file security context. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.Fix:add the following to the /etc/audit/audit.rules file-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_chngRun the following command to load and merge the rules into active configuration# augenrules --load

Parameter:

[Yes/No]

Technical Mechanism:

Add the following lines to the /etc/audit/rules.d/audit.rules file: -a always,exit -F path=/usr/bin/chcon -F perm=x -F auid =1000 -F auid!=unset -k perm_chng

CCSS Severity:		CCSS Metrics:
CCSS Score : 5.9		Attack Vector: LOCAL
Exploit Score: 2.5		Attack Complexity: LOW
Impact Score: 3.4		Privileges Required: NONE
Severity: MEDIUM		User Interaction: NONE
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L		Scope: UNCHANGED
		Confidentiality: LOW
		Integrity: LOW
		Availability: LOW

References:

Resource Id	Reference
SCAP Repo OVAL Definition	oval:org.secpod.oval:def:95963
SCAP Repo OVAL Definition	oval:org.secpod.oval:def:95876


30479



423868



249461



909



195508



282