STIGhub


V-269576

CAT II (Medium)

Xylok Security Suite must protect audit information from any type of unauthorized access.

Rule ID

SV-269576r1053503_rule

STIG

Xylok Security Suite 20.x Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000162, CCI-000163, CCI-000164, CCI-001493, CCI-001494, CCI-001495

Discussion

If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve. In addition, access to audit records provides information an attacker could potentially use to their advantage.

To ensure the veracity of audit data, the information system and/or the Xylok Security Suite must protect audit information from any and all unauthorized access. This includes read, write, and copy access.

Satisfies: SRG-APP-000118, SRG-APP-000119, SRG-APP-000120, SRG-APP-000121, SRG-APP-000122, SRG-APP-000123

Check Content

Check the Xylok log file directory permissions with the following command:

$ ls -l /var/log/xylok

If any of the directories have permissions greater than "0770", this is a finding.

Fix Text

As root, remove all global permissions for Xylok's log files by running:

# chmod -R 0770 /var/log/xylok/
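
The check above can be scripted so it runs the same way before and after the fix. The following is an added example, not part of the STIG text or of Xylok's own tooling. It assumes that "greater than 0770" means any permission bit is granted to "other", and it also inspects /var/log/xylok itself and nested directories, which goes beyond the single `ls -l` listing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit directory modes against the 0770 ceiling from the check text.
# The default path comes from the STIG check; pass another path to test elsewhere.
XYLOK_LOG_DIR="${XYLOK_LOG_DIR:-/var/log/xylok}"

# Print every directory at or below $1 that grants read, write or execute
# to "other". Assumption: this is what "greater than 0770" means.
# -perm -NNNN is POSIX find syntax: true when all bits in NNNN are set.
dirs_exceeding_0770() {
    find "$1" -type d \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print 2>/dev/null
}

# Return 0 when no directory exceeds 0770, 1 on a finding,
# 2 when the path cannot be inspected (missing or not a directory).
check_xylok_log_perms() {
    dir="${1:-$XYLOK_LOG_DIR}"
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory or cannot be read" >&2
        return 2
    fi
    offenders=$(dirs_exceeding_0770 "$dir")
    if [ -n "$offenders" ]; then
        echo "FINDING: directories with permissions greater than 0770:"
        # Show owner, group and mode for each offender as evidence.
        echo "$offenders" | while IFS= read -r d; do
            ls -ld "$d"
        done
        return 1
    fi
    echo "PASS: no directory under $dir exceeds 0770"
    return 0
}
```

Source the file and call `check_xylok_log_perms`; with no argument it inspects /var/log/xylok, and the return code can feed a compliance scan or a cron job.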