GEN000000-SOL00100 - The /etc/security/audit_user file must have mode 0640 or less permissive.


Audit_user is a sensitive file that, if compromised, would allow a malicious user to select auditing parameters to ignore his sessions. This would allow malicious operations the auditing subsystem would not log for that user.


Change the mode of the audit_user file to 0640.
# chmod 0640 /etc/security/audit_user

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.