STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Anduril NixOS Security Technical Implementation Guide

V-268113

CAT II (Medium)

NixOS audit log directory must have a mode of 0700 or less permissive.

Rule ID

SV-268113r1039227_rule

STIG

Anduril NixOS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000162

Discussion

Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit NixOS system activity.

Check Content

Verify that the audit log directory has a mode of "0700" or less permissive.

First, determine where the audit logs are stored with the following command:

$ sudo grep log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log

Using the path of the directory containing the audit logs, check if the audit log directory has a mode of "0700" or less by using the following command:

$ sudo find /var/log/audit -type d -exec stat -c "%a %n" {} \;
700 /var/log/audit

If the audit log directory (or any subfolders) has a mode more permissive than "0700", this is a finding.

Fix Text

Configure the audit log directory to have a mode of "0700" or less permissive.

Using the path of the directory containing the audit logs, configure the audit log directory to have a mode of "0700" or less permissive by using the following command:

$ sudo chmod 0700 /var/log/audit