GEN000000-SOL00100 - The /etc/security/audit_user file must have mode 0640 or less permissive.

Details

Audit_user is a sensitive file that, if compromised, would allow a malicious user to select auditing parameters to ignore his sessions. This would allow malicious operations the auditing subsystem would not log for that user.


Solution

Change the mode of the audit_user file to 0640.
# chmod 0640 /etc/security/audit_user


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.


References


Source