mediumauditverified ✓rollback-safe
Ensure /etc/audit/ is owned by root
audit-config-dir-owner · RHEL ≥ 8 · 1 impl
Description
The /etc/audit/ directory must be owned by root to prevent unauthorized modification of audit configuration.
Rationale
Unauthorized changes to audit configuration could disable auditing or redirect audit records, allowing malicious activity to go undetected.
Check → Remediate
Checkfile_permission
- path:
- /etc/audit
- owner:
- root
Remediatefile_permissions
- path:
- /etc/audit
- owner:
- root
Framework references
STIG
V-281056 / RHEL-10-400195V-270175V-230400
NIST 800-53
AU-9AC-6
Live verification
rhel8:checkrhel9:check
#audit#permissions#configuration