6.2.4.9 Ensure audit tools owner is configured

Audit

Run the following command to verify the audit tools are owned by the root user:

# stat -Lc "%n %U" /sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules | awk '$2 != "root" {print}'
Nothing should be returned.

Remediation

Run the following command to change the owner of the audit tools to the root user:

# chown root /sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules
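
The audit and remediation steps above can be combined into one check-then-fix script. This is an added example, not part of the benchmark text. It records the previous owner before changing it and reports missing tools instead of letting stat fail silently in a pipeline. The names wrong_owner, fix_owner and AUDIT_TOOLS are hypothetical, and the expected owner is passed as a parameter (root on a real host) so the logic can be exercised without privileges.

```shell
#!/bin/sh
# Added example: check-then-fix wrapper around the stat/chown commands above.
# Function and variable names are hypothetical, not from the benchmark.
AUDIT_TOOLS="/sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules"

# Print "path owner" for every existing path whose owner is not $1.
# Missing paths (including dangling symlinks) go to stderr as "MISSING path".
wrong_owner() {
    want=$1; shift
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f" >&2
            continue
        fi
        # -L follows symlinks so the real binary is checked, as in the audit command
        stat -Lc '%n %U' "$f" | awk -v want="$want" '$2 != want {print}'
    done
}

# Chown only the deviating files, logging the previous owner for later triage,
# then re-audit. Returns 0 only if nothing deviates afterwards.
fix_owner() {
    want=$1; shift
    wrong_owner "$want" "$@" | while read -r path owner; do
        echo "fixing $path (was owned by $owner)"
        chown "$want" "$path"
    done
    [ -z "$(wrong_owner "$want" "$@" 2>/dev/null)" ]
}

# On a real host, as root:
#   fix_owner root $AUDIT_TOOLS
```

An audit tool that was not owned by root is worth investigating before the ownership is simply reset, which is why the previous owner is printed.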