[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-96217-5

Platform: cpe:/o:suse:suse_linux_enterprise_server:15Date: (C)2022-09-27   (M)2023-07-04



Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. Audit tools include but are not limited to vendor-provided and open-source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators. It is not uncommon for attackers to replace the audit tools or inject code into the existing tools to provide the capability to hide or erase system activity from the audit logs. To address this risk, audit tools must be cryptographically signed to provide the capability to identify when the audit tools have been modified, manipulated, or replaced. An example is a checksum hash of the file or files.


Parameter:

[yes/no]


Technical Mechanism:

Fix:Configure the SUSE operating system file integrity tool to protect the integrity of the audit tools. Add or update the following lines to "/etc/aide.conf" to protect the integrity of the audit tools: # audit tools /usr/sbin/auditctl p+i+n+u+g+s+b+acl+selinux+xattrs+sha512 /usr/sbin/auditd p+i+n+u+g+s+b+acl+selinux+xattrs+sha512 /usr/sbin/ausearch p+i+n+u+g+s+b+acl+selinux+xattrs+sha512 /usr/sbin/aureport p+i+n+u+g+s+b+acl+selinux+xattrs+sha512 /usr/sbin/autrace p+i+n+u+g+s+b+acl+selinux+xattrs+sha512 /usr/sbin/audispd p+i+n+u+g+s+b+acl+selinux+xattrs+sha512 /usr/sbin/augenrules p+i+n+u+g+s+b+acl+selinux+xattrs+sha512

CCSS Severity:CCSS Metrics:
CCSS Score : 4.7Attack Vector: LOCAL
Exploit Score: 1.0Attack Complexity: HIGH
Impact Score: 3.6Privileges Required: LOW
Severity: MEDIUMUser Interaction: NONE
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NScope: UNCHANGED
 Confidentiality: NONE
 Integrity: HIGH
 Availability: NONE
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:84431


OVAL    1
oval:org.secpod.oval:def:84431
XCCDF    1
xccdf_org.secpod_benchmark_general_SLES_15

© SecPod Technologies