CCE-95731-6| Platform: cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04 | Date: (C)2023-12-15 (M)2023-12-20 |
Description: Audit configuration files control auditd and what events are audited.
Rationale:
Access to the audit configuration files could allow unauthorized personnel to prevent the auditing of critical events.
Misconfigured audit configuration files may prevent the auditing of critical events or impact the system's performance by overwhelming the audit log. Misconfiguration of the audit configuration files may also make it more difficult to establish and investigate events relating to an incident.Remediation:
Run the following command to set permissions on audit configuration files: chmod g-w,o-rwx [audit conf files]
Note: audit conf files are present in /etc/audit/ with file extension .conf and .rules
Parameter:
[Perm, root, root]
Technical Mechanism:
Run the following command to set permissions on audit configuration files: chmod g-w,o-rwx [audit conf files]
# chown root:root [audit conf files]
Note: audit conf files are present in /etc/audit/ with file extension .conf and .rules
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 6.6 | Attack Vector: LOCAL |
| Exploit Score: 1.8 | Attack Complexity: LOW |
| Impact Score: 4.7 | Privileges Required: LOW |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: LOW |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95951 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95864 |
