diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/policy/stig/rhel10.yml b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/policy/stig/rhel10.yml
deleted file mode 100644
index d881290eb2a2..000000000000
--- a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/policy/stig/rhel10.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-srg_requirement: |-
- {{{ full_name }}} must enforce group ownership by "root" or a restricted logging group for audit log files to prevent unauthorized access.
-
-fixtext: |-
- Configure {{{ full_name }}} to enforce group ownership by "root" or a restricted logging group for audit log files to prevent unauthorized access.
-
- Identify the group that is configured to own the audit log:
-
- $ sudo grep -P '^[ ]*log_group[ ]+=.*$' /etc/audit/auditd.conf
-
- Change the ownership to that group using the following command:
-
- $ sudo chgrp ${log_group} ${log_file}
-
-checktext: |-
- Verify {{{ full_name }}} enforces group ownership by "root" or a restricted logging group for audit log files to prevent unauthorized access.
-
- Determine where the audit logs are stored with the following command:
-
- $ sudo grep "^log_file" /etc/audit/auditd.conf
- log_file = /var/log/audit/audit.log
-
- Determine the audit log group by running the following command:
-
- $ sudo grep -P '^[ ]*log_group[ ]+=.*$' /etc/audit/auditd.conf
- log_group = root
-
- Check that the audit log file is owned by the correct group. Run the following command to display the owner of the audit log file:
-
- $ sudo stat -c "%n %G" /var/log/audit/audit.log
- /var/log/audit/audit.log root
-
- The audit log file must be owned by the "log_group" or by "root" if the "log_group" is not specified.
-
- If audit log files are owned by the incorrect group, this is a finding.
-
-vuldiscussion: |-
- Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
-
-
diff --git a/products/rhel10/controls/stig_rhel10.yml b/products/rhel10/controls/stig_rhel10.yml
index 78b9601ebcb7..c912846062d9
--- a/products/rhel10/controls/stig_rhel10.yml
+++ b/products/rhel10/controls/stig_rhel10.yml
@@ -943,7 +943,7 @@ controls: title: RHEL 10 must enforce group ownership by "root" or a restricted logging group for audit log files to prevent unauthorized access. rules: - - directory_group_ownership_var_log_audit + - file_group_ownership_var_log_audit status: automated - id: RHEL-10-400185 levels: diff --git a/products/rhel10/profiles/default.profile b/products/rhel10/profiles/default.profile index 80daad7df772..b444c9dcdfa3 100644 --- a/products/rhel10/profiles/default.profile +++ b/products/rhel10/profiles/default.profile @@ -57,3 +57,4 @@ selections: - mount_option_nosuid_removable_partitions - sysctl_net_ipv4_tcp_invalid_ratelimit - set_password_hashing_min_rounds_logindefs + - directory_group_ownership_var_log_audit diff --git a/tests/data/profile_stability/rhel10/stig.profile b/tests/data/profile_stability/rhel10/stig.profile index dc8dac3c7698..95f71e893cda 100644 --- a/tests/data/profile_stability/rhel10/stig.profile +++ b/tests/data/profile_stability/rhel10/stig.profile @@ -179,7 +179,6 @@ dir_ownership_library_dirs dir_permissions_library_dirs dir_perms_world_writable_root_owned dir_perms_world_writable_sticky_bits -directory_group_ownership_var_log_audit directory_groupowner_sshd_config_d directory_owner_sshd_config_d directory_ownership_var_log_audit diff --git a/tests/data/profile_stability/rhel10/stig_gui.profile b/tests/data/profile_stability/rhel10/stig_gui.profile index 5d96ae736a72..f93e75fc00af 100644 --- a/tests/data/profile_stability/rhel10/stig_gui.profile +++ b/tests/data/profile_stability/rhel10/stig_gui.profile @@ -179,7 +179,6 @@ dir_ownership_library_dirs dir_permissions_library_dirs dir_perms_world_writable_root_owned dir_perms_world_writable_sticky_bits -directory_group_ownership_var_log_audit directory_groupowner_sshd_config_d directory_owner_sshd_config_d directory_ownership_var_log_audit
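Review bot: The STIG policy text for this control is dropped with the deleted `directory_group_ownership_var_log_audit/policy/stig/rhel10.yml`, but nothing in this diff adds equivalent `srg_requirement`/`fixtext`/`checktext` for `file_group_ownership_var_log_audit`, so please confirm that rule already ships a `policy/stig/rhel10.yml` covering the `log_group`-or-root check and the `chgrp ${log_group} ${log_file}` fix; otherwise the generated STIG loses its check and fix text for the control that now points at `- file_group_ownership_var_log_audit`. The two stability profiles only lose `directory_group_ownership_var_log_audit` and do not gain `file_group_ownership_var_log_audit`, which suggests the file rule was already selected by another control — if it was not, the profile stability test will disagree with the resolved profile. With the directory rule moved to `default.profile`, group ownership of the `/var/log/audit` directory itself is no longer evaluated under the STIG profile (only `directory_ownership_var_log_audit` remains in the listing), so confirm that is intended or covered by another control.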