RHEL 9 "/etc/audit/" must be group-owned by root.

STIG ID: RHEL-09-232104  |  SRG: SRG-OS-000080-GPOS-00048 |  Severity: medium |  CCI: CCI-000162 |  Vulnerability Id: V-270176

Vulnerability Discussion

The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.

Check

Verify the group ownership of the "/etc/audit/" directory with the following command:

$ sudo stat -c "%G %n" /etc/audit/

root /etc/audit/

If "/etc/audit/" does not have a group owner of "root", this is a finding.

Fix

Change the group of the file "/etc/audit/" to "root" by running the following command:

$ sudo chgrp root /etc/audit/
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.