Profile Applicability:
Level 1

Description:
 Audit tools are vital for monitoring and logging system activities. Setting file permissions to 755 or more restrictive ensures that only authorized users can modify or execute these tools, maintaining their integrity and preventing unauthorized access.

Rationale:
 Proper permissions prevent unauthorized modification or misuse of audit tools, protecting the accuracy and reliability of audit logs and system security.

Impact:
 Pros:

  • Secures audit tools against unauthorized changes.

  • Allows necessary execution permissions for legitimate users.

 Cons:

  • Overly restrictive permissions may interfere with legitimate audit operations if misconfigured.

Default Value:
 Audit tools may have varying permissions; verification and correction are needed.

Pre-requisites:

  • Root or sudo privileges to audit and modify file permissions.

Remediation:

Test Plan:

Using Linux command line:

  1. List audit tool files and their permissions:

    ls -l /sbin/audit* /usr/sbin/audit*

  2. Verify permissions are set to 755 or more restrictive (e.g., 750, 700).

Implementation Plan:

Using Linux command line:

  1. Set permissions to 755 or more restrictive as appropriate:

    chmod 755 /sbin/audit* /usr/sbin/audit*

  2. Verify changes:

    ls -l /sbin/audit* /usr/sbin/audit*
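
The blanket chmod 755 above also loosens any tool that is already at 750 or 700. The following added example (not part of the original page) reports only the files that are looser than 755 and removes just the group/other write bits from them. The function names are hypothetical, it assumes GNU stat, and it uses the same audit* glob as the commands above.

```shell
#!/bin/sh
# Added example: function names are hypothetical; assumes GNU coreutils stat.

# Return 0 when octal MODE grants group or other write, i.e. is looser than 755.
exceeds_755() {
    [ $(( 0$1 & 022 )) -ne 0 ]
}

# Print "path mode" for every audit* file in the given directories that is
# looser than 755. Uses the same audit* glob as the commands above.
find_loose_audit_tools() {
    for dir in "$@"; do
        for f in "$dir"/audit*; do
            [ -f "$f" ] || continue      # unmatched glob, broken link, non-regular file
            mode=$(stat -Lc '%a' "$f")   # -L: report the target of a symlink
            if exceeds_755 "$mode"; then
                printf '%s %s\n' "$f" "$mode"
            fi
        done
    done
}

# Remove group/other write from offending files only, so tools that are
# already stricter than 755 (750, 700) keep their mode.
tighten_audit_tools() {
    find_loose_audit_tools "$@" | while read -r f mode; do
        chmod go-w "$f" && printf 'fixed %s (was %s)\n' "$f" "$mode"
    done
}

# Report-only pass over the directories used on this page.
# To remediate, run as root: tighten_audit_tools /sbin /usr/sbin
find_loose_audit_tools /sbin /usr/sbin
```
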

Backout Plan:

Using Linux command line:

  1. Restore previous permissions from backups if necessary.

  2. Test audit tools to ensure proper functionality.
