The Photon operating system audit files and directories must have correct permissions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-256522	PHTN-30-000047	SV-256522r991557_rule		Medium

Description

Protecting audit information includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information.

STIG	Date
VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide	2024-12-16

Details

Check Text (C-60197r887238_chk)

At the command line, run the following command:

# stat -c "%n is owned by %U and group owned by %G" /etc/audit/auditd.conf

If "auditd.conf" is not owned by root and group owned by root, this is a finding.

Fix Text (F-60140r887239_fix)

At the command line, run the following command:

# chown root:root /etc/audit/auditd.conf