From Canonical Ubuntu 16.04 Security Technical Implementation Guide
Part of SRG-OS-000057-GPOS-00027
Associated with: CCI-000162 CCI-000163 CCI-000164
Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
Verify the audit log directory is owned by "root" to prevent unauthorized read access. Determine where the audit logs are stored with the following command: # sudo grep -iw log_file /etc/audit/auditd.conf log_file = /var/log/audit/audit.log Determine the audit log directory by using the output of the above command (ex: "/var/log/audit/"). Run the following command with the correct audit log directory path: # sudo ls -ld /var/log/audit drwxr-x--- 2 root root 8096 Jun 26 11:56 /var/log/audit If the audit log directory is not owned by "root", this is a finding.
Configure the audit log to be protected from unauthorized read access, by setting the correct owner as "root" with the following command: # sudo chown root [audit_log_directory] Replace "[audit_log_directory]" with the correct audit log directory path, by default this location is usually "/var/log/audit".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer