RHEL 9 "/etc/audit/" must be owned by root.

STIG ID: RHEL-09-232103  |  SRG: SRG-OS-000080-GPOS-00048 |  Severity: medium |  CCI: CCI-000162 |  Vulnerability Id: V-270175

Vulnerability Discussion

The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.

Check

Verify the ownership of the "/etc/audit/" directory with the following command:

$ sudo stat -c "%U %n" /etc/audit/

root /etc/audit/

If the "/etc/audit/" directory does not have an owner of "root", this is a finding.

Fix

Change the owner of the file "/etc/audit/" to "root" by running the following command:

$ sudo chown root /etc/audit/
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.