mediumauditverified ✓rollback-safe
Ensure /etc/audit/ is group-owned by root
audit-config-dir-group · RHEL ≥ 8 · 1 impl
Description
The /etc/audit/ directory must be group-owned by root to prevent unauthorized modification of audit configuration.
Rationale
Group ownership by root restricts directory access to authorized administrators, protecting audit configuration from unauthorized changes.
Check → Remediate
Checkfile_permission
- path:
- /etc/audit
- group:
- root
Remediatefile_permissions
- path:
- /etc/audit
- group:
- root
Framework references
STIG
V-281057 / RHEL-10-400200V-270176V-230401
NIST 800-53
AU-9AC-6
Live verification
rhel8:checkrhel9:check
#audit#permissions#configuration