4.1.4.7 Ensure audit configuration files belong to group root

Audit

Run the following command to verify that the audit configuration files belong to the group root:

# find /etc/audit/ -type f \( -name '*.conf' -o -name '*.rules' \) ! -group root
Nothing should be returned.

Remediation

Run the following command to change the group of any non-compliant file to root:

# find /etc/audit/ -type f \( -name '*.conf' -o -name '*.rules' \) ! -group root -exec chgrp root {} +