Xylok Security Suite must protect audit information from any type of unauthorized access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-269576 | XYLK-20-000043 | SV-269576r1053503_rule | CCI-000162 | medium |

Description

If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve. In addition, access to audit records provides information an attacker could potentially use to their advantage. To ensure the veracity of audit data, the information system and/or the Xylok Security Suite must protect audit information from any and all unauthorized access. This includes read, write, and copy access.

Satisfies: SRG-APP-000118, SRG-APP-000119, SRG-APP-000120, SRG-APP-000121, SRG-APP-000122, SRG-APP-000123

| STIG | Date |
| --- | --- |
| Xylok Security Suite 20.x Security Technical Implementation Guide | 2024-12-13 |
Related Frameworks
3 paths across 3 frameworks

NIST 800-53 mapping: AU-9 (1.00)
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent

NIST 800-171 mapping: 3.3.8 (1.00)
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

CCI mapping: CCI-000162 (1.00)
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-269576r1053503_chk)
Check the Xylok log file directory permissions with the following command:
$ ls -l /var/log/xylok
If any of the directories have permissions greater than "0770", this is a finding.
Fix Text (F-73510r1053502_fix)
As root, remove all global permissions for Xylok's log files by running:
# chmod -R 0770 /var/log/xylok/
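The check and fix above amount to "no entry under the log directory may grant anything to the other class". The script below is an added example of automating that check and remediation over a whole log tree; it is not part of the STIG or of Xylok's own tooling. The directory path is a parameter, and the demo tree it builds under mktemp is constructed for illustration, not a real Xylok installation.

```shell
#!/bin/sh
# Added example: audit a log directory tree for "other"-class permission
# bits (the condition the STIG check describes as wider than 0770) and
# remediate. Not Xylok's own code; the path is supplied by the caller.

# Print every file or directory under $1 that grants read (004), write (002)
# or execute/search (001) to "other". Prints nothing when the tree is clean.
# Octal modes are used so the test works with GNU, BSD and busybox find.
find_world_accessible() {
    dir=$1
    find "$dir" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when no entry is world-accessible, 1 when at least one is.
audit_log_dir() {
    dir=$1
    if [ -n "$(find_world_accessible "$dir")" ]; then
        return 1
    fi
    return 0
}

# Remediate by stripping only the "other" bits. Unlike "chmod -R 0770" this
# leaves owner/group bits alone and does not mark plain log files executable.
remediate_log_dir() {
    dir=$1
    chmod -R o-rwx "$dir"
}

# Demonstration on a constructed temporary tree with one compliant and two
# non-compliant entries (a world-readable directory and a 0644 log file).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/xylok/archive"
    : > "$tmp/xylok/audit.log"
    : > "$tmp/xylok/archive/audit.1.log"
    chmod 0775 "$tmp/xylok"                   # finding: o=rx
    chmod 0644 "$tmp/xylok/audit.log"         # finding: o=r
    chmod 0770 "$tmp/xylok/archive"           # compliant
    chmod 0660 "$tmp/xylok/archive/audit.1.log"  # compliant

    if audit_log_dir "$tmp/xylok"; then echo "before: compliant"; else echo "before: finding"; fi
    find_world_accessible "$tmp/xylok"
    remediate_log_dir "$tmp/xylok"
    if audit_log_dir "$tmp/xylok"; then echo "after: compliant"; else echo "after: finding"; fi
    rm -rf "$tmp"
}

demo
```

Two practical notes when running the STIG check by hand: `ls -l /var/log/xylok` lists the directory's contents, so use `ls -ld /var/log/xylok` to see the mode of the log directory itself, and walk subdirectories too, since the check applies to all of them. The fix's `chmod -R 0770` also sets the execute bit on every regular log file; `chmod -R o-rwx` reaches the same compliance state without that side effect.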