← Rules Catalog
mediumauditverified rollback-safe

Ensure /etc/audit/ is group-owned by root

audit-config-dir-group · RHEL ≥ 8 · 1 impl

Description

The /etc/audit/ directory must be group-owned by root to prevent unauthorized modification of audit configuration.

Rationale

Group ownership by root restricts directory access to authorized administrators, protecting audit configuration from unauthorized changes.

Check → Remediate

Checkfile_permission
path:
/etc/audit
group:
root
Remediatefile_permissions
path:
/etc/audit
group:
root

Framework references

STIG

V-281057 / RHEL-10-400200V-270176V-230401

NIST 800-53

AU-9AC-6

Live verification

rhel8:checkrhel9:check
#audit#permissions#configuration