Xylok Security Suite must protect audit information from any type of unauthorized access.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-269576	SRG-APP-000118	XYLK-20-000043	SV-269576r1053503_rule	2024-12-13	1

Description
If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve. In addition, access to audit records provides information an attacker could potentially use to their advantage. To ensure the veracity of audit data, the information system and/or the Xylok Security Suite must protect audit information from any and all unauthorized access. This includes read, write, and copy access. Satisfies: SRG-APP-000118, SRG-APP-000119, SRG-APP-000120, SRG-APP-000121, SRG-APP-000122, SRG-APP-000123

Description

If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve. In addition, access to audit records provides information an attacker could potentially use to their advantage. To ensure the veracity of audit data, the information system and/or the Xylok Security Suite must protect audit information from any and all unauthorized access. This includes read, write, and copy access. Satisfies: SRG-APP-000118, SRG-APP-000119, SRG-APP-000120, SRG-APP-000121, SRG-APP-000122, SRG-APP-000123

ℹ️ Check
Check the Xylok log file directory permissions with the following command: $ ls -l /var/log/xylok If any of the directories have permissions greater than "0770", this is a finding.

✔️ Fix
As root, remove all global permissions for Xylok's log files by running: # chmod -R 0770 /var/log/xylok/