Xylok Security Suite must protect audit information from any type of unauthorized access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-269576 | XYLK-20-000043 | SV-269576r1053503_rule | CCI-000162 | medium |
| Description | ||||
| If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve. In addition, access to audit records provides information an attacker could potentially use to their advantage. To ensure the veracity of audit data, the information system and/or the Xylok Security Suite must protect audit information from any and all unauthorized access. This includes read, write, and copy access. Satisfies: SRG-APP-000118, SRG-APP-000119, SRG-APP-000120, SRG-APP-000121, SRG-APP-000122, SRG-APP-000123 | ||||
| STIG | Date | |||
| Xylok Security Suite 20.x Security Technical Implementation Guide | 2024-12-13 | |||
Details
Check Text (C-269576r1053503_chk)
Check the Xylok log file directory permissions with the following command:
$ ls -l /var/log/xylok
If any of the directories have permissions greater than "0770", this is a finding.
Fix Text (F-73510r1053502_fix)
As root, remove all global permissions for Xylok's log files by running:
# chmod -R 0770 /var/log/xylok/