6.2.4.7 Ensure audit configuration files group owner is configured

Audit

Run the following command to verify that the audit configuration files are owned by the group root:

# find /etc/audit/ -type f \( -name '*.conf' -o -name '*.rules' \) ! -group root
Nothing should be returned
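
The audit command above wrapped as a check function for use in a compliance script (an added example, not part of the benchmark text). The function name, its directory and group parameters, and the return codes are assumptions; the defaults match the command on this page.

```shell
#!/bin/sh
# Added example: report-only check, it never changes ownership.
# Usage (assumed interface): check_audit_cfg_group [DIR] [GROUP]
#   returns 0 = compliant, 1 = offending files found, 2 = DIR missing

check_audit_cfg_group() {
    dir=${1:-/etc/audit}   # default from the benchmark text
    want=${2:-root}        # expected group owner; name or numeric GID

    # A missing directory is not a pass: the control cannot be evaluated,
    # which usually means auditd is not installed on this host.
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir not found"
        return 2
    fi

    # Same predicate as the audit command: *.conf and *.rules files
    # whose group owner is anything other than the expected group.
    bad=$(find "$dir" -type f \( -name '*.conf' -o -name '*.rules' \) \
              ! -group "$want" -print)

    if [ -n "$bad" ]; then
        echo "FAIL: not group-owned by $want:"
        printf '%s\n' "$bad" | sed 's/^/  /'
        return 1
    fi

    echo "PASS: audit configuration files are group-owned by $want"
    return 0
}
```

Returning a distinct status for a missing directory keeps a host without auditd from being recorded as compliant simply because `find` printed nothing.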

Remediation

Run the following command to change the group owner of the audit configuration files to root:

# find /etc/audit/ -type f \( -name '*.conf' -o -name '*.rules' \) ! -group root -exec chgrp root {} +