6.2.4.6 Ensure audit configuration files owner is configured
Audit
Run the following command to verify that the audit configuration files are owned by the root user:
# find /etc/audit/ -type f \( -name '*.conf' -o -name '*.rules' \) ! -user root
Run the following command to change ownership to root user:
# find /etc/audit/ -type f \( -name '*.conf' -o -name '*.rules' \) ! -user root -exec chown root {} +