Profile Applicability:
 • Level 2

Description:
The audit log directory stores security and system audit logs. Setting its permissions to 0750 or more restrictive limits access to the directory owner and group, preventing unauthorized users from accessing or modifying audit logs.

Rationale:
 Restricting permissions on the audit log directory protects the confidentiality and integrity of audit data, reducing risks of tampering or unauthorized disclosure.

Impact:
 Pros:

  • Limits access to audit logs to authorized users.

  • Maintains security and trustworthiness of audit records.

 Cons:

  • Overly restrictive permissions might interfere with legitimate audit processes.

Default Value:
 Permissions on the audit log directory may vary; verification and adjustment may be necessary.

Pre-requisites:

  • Root or sudo privileges to audit and modify directory permissions.

Remediation:

Test Plan:

Using Linux command line:

Check permissions of the audit log directory:

ls -ld /var/log/audit

Verify permissions are set to 0750 or more restrictive.

Implementation Plan:

Using Linux command line:

Set permissions to 0750 or more restrictive:

chmod 750 /var/log/audit

Verify changes:

ls -ld /var/log/audit

Backout Plan:

Using Linux command line:

  1. Restore previous permissions from backups if necessary.

  2. Verify audit processes continue to function properly.
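
The test, implementation and backout steps above combined into one script, as an added example that is not part of the original benchmark text. It assumes GNU stat on Linux and reads "0750 or more restrictive" as "no group-write bit and no bits for others" (mask 0027); the function names and the backup file argument are hypothetical.

```shell
#!/bin/sh
# Added example: check and tighten the audit log directory mode.
# Assumptions: GNU stat (Linux); compliance means no bits set in mask 0027.
# setuid/setgid/sticky bits are not evaluated here.

# Return 0 if an octal mode string (e.g. 750, 0700) has no bits in 0027.
mode_is_compliant() {
    [ $(( 0$1 & 0027 )) -eq 0 ]
}

# Print PASS/FAIL for a directory; return 0 (pass), 1 (fail) or 2 (error).
check_audit_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    mode=$(stat -c '%a' "$dir") || return 2
    if mode_is_compliant "$mode"; then
        echo "PASS: $dir mode $mode"
    else
        echo "FAIL: $dir mode $mode (expected 0750 or more restrictive)"
        return 1
    fi
}

# Record the current mode for the backout plan, then remove only the excess
# bits. Unlike a plain "chmod 750", "chmod g-w,o-rwx" never loosens a
# directory that is already stricter (for example 0700).
remediate_audit_dir() {
    dir=$1
    backup=$2   # hypothetical file that collects "<old mode> <path>" lines
    stat -c '%a %n' "$dir" >> "$backup" || return 1
    chmod g-w,o-rwx "$dir"
}

# Usage: sh check_audit_dir.sh /var/log/audit
if [ "$#" -gt 0 ]; then
    check_audit_dir "$1"
fi
```

To back out, read the saved line from the backup file and pass its first field to chmod for the recorded path.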
