From Canonical Ubuntu 16.04 Security Technical Implementation Guide
Part of SRG-OS-000057-GPOS-00027
Associated with: CCI-000162 CCI-000163 CCI-000164
Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
Verify the audit log directories have a mode of "0750" or less permissive by first determining where the audit logs are stored with the following command: # sudo grep -iw log_file /etc/audit/auditd.conf log_file = /var/log/audit/audit.log Using the location of the audit log, determine the directory where the audit logs are stored (ex: "/var/log/audit"). Run the following command to determine the permissions for the audit log folder: # sudo stat -c "%a %n" /var/log/audit 750 /var/log/audit If the audit log directory has a mode more permissive than "0750", this is a finding.
Configure the audit log directory to be protected from unauthorized read access by setting the correct permissive mode with the following command: # sudo chmod 0750 [audit_log_directory] Replace "[audit_log_directory]" to the correct audit log directory path, by default this location is "/var/log/audit".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer