Profile Applicability:
Level 1
Description:
Audit tools are the binaries used to configure, run and query the Linux audit subsystem (auditd, auditctl, ausearch, aureport, autrace and augenrules). Ensuring that these binaries are group-owned by root means that no non-root group can be granted write access to them, which restricts unauthorized modification and maintains the integrity of the auditing system.
Rationale:
If an audit tool were group-owned by a non-root group, any member of that group with group write permission could replace or alter the tool to suppress or falsify audit records, compromising security monitoring and incident detection. Group ownership is only one part of the protection: it complements the companion checks on user ownership and file mode, and does not by itself protect a binary that is world-writable.
Impact:
Pros:
Protects audit tools from unauthorized changes.
Maintains reliability and trustworthiness of audit logs.
Cons:
Setting the group to root does not affect the audit daemon, which runs as root. If a site has deliberately used a non-root group (for example, a log-review group) to give analysts access to ausearch or aureport, that access is lost and must be re-granted through sudo instead.
Default Value:
The audit package installs these tools group-owned by root on Amazon Linux 2, but local changes or re-packaged binaries can alter this, so it should be verified.
Pre-requisites:
Root or sudo privileges to audit and modify file group ownership.
Remediation:
Test Plan:
Using Linux command line:
List the audit tool files. Note that the glob /sbin/audit* matches only auditctl and auditd; ausearch, aureport, autrace and augenrules do not start with "audit" and must be named explicitly. On Amazon Linux 2, /sbin is a symlink to /usr/sbin, so listing both directories shows the same files:
ls -l /sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules
Verify that the group owner (the fourth column of the ls -l output) is root for every file. Any other group is a finding.
Implementation Plan:
Using Linux command line:
Record the current group ownership first (for the backout plan), then change the group of the audit tools to root:
ls -l /sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules
chgrp root /sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules
Verify changes:
ls -l /sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules
Backout Plan:
Using Linux command line:
Restore the group ownership recorded before remediation with chgrp, using the saved ls -l output as the source of the previous group for each file.
Verify that auditd is still running and that ausearch and aureport still return results.
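The test, implementation and backout plans above as a single script, added here as an example and not taken from the CIS benchmark or the audit package. It assumes GNU coreutils stat (with a BSD stat fallback) and the six audit tools named above; AUDIT_TOOLS is a variable introduced for this example so the functions can be pointed at test files, and the record/restore step is what makes the backout plan possible.

```shell
#!/bin/sh
# Added example (not from the CIS benchmark): check, record, remediate and
# restore group ownership of the audit tools. Assumes GNU stat -c, falling
# back to BSD stat -f. AUDIT_TOOLS is an example variable, overridable for
# testing; it is expanded unquoted on purpose so it splits into file names.

AUDIT_TOOLS="${AUDIT_TOOLS:-/sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules}"

# file_group FILE: print the name of the group owning FILE.
file_group() {
    stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1"
}

# audit_tools_noncompliant EXPECTED_GROUP FILE...
# Prints "path current_group" for each existing file that is not group-owned
# by EXPECTED_GROUP. Missing files are skipped (a package may not ship every
# tool). Returns 0 if every existing file complies, 1 otherwise.
audit_tools_noncompliant() {
    expected="$1"; shift
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        g=$(file_group "$f")
        if [ "$g" != "$expected" ]; then
            printf '%s %s\n' "$f" "$g"
            rc=1
        fi
    done
    return "$rc"
}

# audit_tools_record FILE...: print "path group" for every existing file.
# Save this output before remediating; it is the input to audit_tools_restore.
audit_tools_record() {
    for f in "$@"; do
        [ -e "$f" ] && printf '%s %s\n' "$f" "$(file_group "$f")"
    done
    return 0
}

# audit_tools_remediate EXPECTED_GROUP FILE...: chgrp only the files that
# fail the check, so already-compliant files are not touched.
audit_tools_remediate() {
    expected="$1"; shift
    audit_tools_noncompliant "$expected" "$@" | while read -r path _; do
        chgrp "$expected" "$path"
    done
}

# audit_tools_restore RECORD_FILE: reapply the groups saved by audit_tools_record.
audit_tools_restore() {
    while read -r path group; do
        [ -e "$path" ] && chgrp "$group" "$path"
    done < "$1"
    return 0
}

# Operator entry point (run as root). Example session:
#   sh audit_tools_group.sh check
#   sh audit_tools_group.sh record > /root/audit-tools-groups.bak
#   sh audit_tools_group.sh remediate && sh audit_tools_group.sh check
#   sh audit_tools_group.sh restore /root/audit-tools-groups.bak
case "${1:-}" in
    check)     audit_tools_noncompliant root $AUDIT_TOOLS && echo "all audit tools are group-owned by root" ;;
    record)    audit_tools_record $AUDIT_TOOLS ;;
    remediate) audit_tools_remediate root $AUDIT_TOOLS ;;
    restore)   audit_tools_restore "$2" ;;
esac
```

The check exits non-zero and names the offending files when any tool is group-owned by something other than root, which makes it usable from a configuration-management or CI job; the record step must be run before remediate, because chgrp does not keep any history of the previous group.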
References:
CIS Amazon Linux 2 Benchmark v3.0.0