
4.1.4.4 Ensure the audit log directory is 0750 or more restrictive

Audit

Run the following command to verify that the audit log directory has a mode of 0750 or less permissive:

# stat -Lc "%n %a" "$(dirname $( awk -F"=" '/^\s*log_file/ {print $2}' /etc/audit/auditd.conf))" | grep -Pv -- '^\h*\H+\h+[057][05]0$'

Nothing should be returned.
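The same check can be written as a bitmask test instead of a regular expression. The following is an added example, not part of the benchmark text: it treats the directory as compliant when none of the bits cleared by the remediation command `chmod g-w,o-rwx` (octal 027) are set. The function names `audit_log_dir` and `audit_log_dir_mode_ok` are hypothetical, and the optional argument for an alternate `auditd.conf` path is an assumption made so the check can be exercised against a test file.

```shell
#!/bin/sh
# Added example: bitmask form of the audit log directory mode check.
# Requires GNU stat, as does the command shown on this page.

# Print the directory holding the auditd log file.
# $1: path to auditd.conf (defaults to /etc/audit/auditd.conf).
audit_log_dir() {
    local conf
    local log_file
    conf="${1:-/etc/audit/auditd.conf}"
    # Use the last log_file assignment and trim whitespace around its value.
    log_file="$(awk -F'=' '/^[ \t]*log_file[ \t]*=/ {
                    gsub(/^[ \t]+|[ \t]+$/, "", $2); v = $2
                } END { print v }' "$conf")" || return 2
    [ -n "$log_file" ] || return 2
    dirname -- "$log_file"
}

# Return 0 when the directory has no group-write and no "other" bits set.
# Return 1 and print "<dir> <mode>" on a violation, so that, like the
# command above, a compliant system produces no output.
# Return 2 when the directory cannot be determined or read.
audit_log_dir_mode_ok() {
    local dir
    local mode
    dir="$(audit_log_dir "$1")" || return 2
    mode="$(stat -Lc '%a' -- "$dir" 2>/dev/null)" || return 2
    # Leading 0 makes the shell read both operands as octal.
    # 027 = group write (020) + other read/write/execute (007).
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        printf '%s %s\n' "$dir" "$mode"
        return 1
    fi
    return 0
}
```

Unlike the enumerated regular expression, the mask also accepts restrictive modes such as 0640 and does not consider the setuid, setgid or sticky bits.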

Remediation

Run the following command to configure the audit log directory to have a mode of "0750" or less permissive:

# chmod g-w,o-rwx "$(dirname $(awk -F"=" '/^\s*log_file/ {print $2}' /etc/audit/auditd.conf))"

Default Value:

750