Xylok Security Suite must protect audit information from any type of unauthorized access.
Overview
Finding ID: V-269576
Version: XYLK-20-000043
Rule ID: SV-269576r1053503_rule
IA Controls: (none listed)
Severity: Medium
Description
If audit data were to become compromised, competent forensic analysis and discovery of the true source of potentially malicious system activity would be difficult, if not impossible, to achieve. In addition, access to audit records provides information an attacker could potentially use to their advantage.
To ensure the veracity of audit data, the information system and/or the Xylok Security Suite must protect audit information from any and all unauthorized access. This includes read, write, and copy access.
Satisfies: SRG-APP-000118, SRG-APP-000119, SRG-APP-000120, SRG-APP-000121, SRG-APP-000122, SRG-APP-000123