CCE-95730-8
Platform: cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04 | Date: (C)2023-12-15 (M)2023-12-20
Description: The audit log directory contains audit log files.
Rationale:
Audit information includes everything needed to successfully audit system activity: audit records, audit settings and audit reports. This information must be protected from unauthorized modification or deletion. If it were compromised, forensic analysis and discovery of the true source of potentially malicious system activity would be impossible.
Remediation:
Run the following command to set permissions on the audit log files:
chmod u-x,g-wx,o-rwx [audit log file name from /etc/audit/auditd.conf]
Note: the audit log file name is the value of the log_file parameter in /etc/audit/auditd.conf.
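A read-only check to run before or after the remediation above, as an added example that is not part of the original entry: it reads log_file from an auditd.conf-style file and flags any log whose mode still has a bit that u-x,g-wx,o-rwx removes (octal mask 0137). The function names are hypothetical, GNU stat is assumed (as on Ubuntu), and checking the rotated siblings log_file.1, log_file.2, ... goes beyond the single file the entry names.

```shell
#!/bin/sh
# Added example: audit (do not change) the mode of the audit log files.
# Usage after sourcing: check_audit_logs /etc/audit/auditd.conf

# Print the value of log_file from an auditd.conf-style file.
# Commented-out lines do not match; the last assignment wins.
audit_log_path() {
    sed -n 's/^[[:space:]]*log_file[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
        tail -n 1
}

# Succeed only if the file has none of the bits that u-x,g-wx,o-rwx
# removes: 0100 (owner x) + 0030 (group w,x) + 0007 (other r,w,x) = 0137.
mode_is_compliant() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0137 )) -eq 0 ]
}

# Check the active log and its rotated siblings.
# Returns 0 if all pass, 1 if any file fails, 2 if nothing could be checked.
check_audit_logs() {
    conf=${1:-/etc/audit/auditd.conf}
    log=$(audit_log_path "$conf")
    if [ -z "$log" ]; then
        echo "log_file is not set in $conf" >&2
        return 2
    fi
    rc=0
    n=0
    for f in "$log" "$log".*; do
        [ -f "$f" ] || continue      # skips an unmatched glob pattern too
        n=$((n + 1))
        if mode_is_compliant "$f"; then
            echo "PASS $f"
        else
            echo "FAIL $f (mode $(stat -c '%a' "$f")): needs chmod u-x,g-wx,o-rwx"
            rc=1
        fi
    done
    if [ "$n" -eq 0 ]; then
        echo "no audit log files found for $log" >&2
        return 2
    fi
    return $rc
}
```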
Parameter:
[Perm]
Technical Mechanism:
Run the following command to configure the audit log files to be owned by the root user: chmod g-w,o-rwx [audit log files]
CCSS Severity:
CCSS Score: 6.6
Exploit Score: 1.8
Impact Score: 4.7
Severity: MEDIUM
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CCSS Metrics:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: LOW
Availability: LOW
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95952
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95865