Red Hat Enterprise Linux 9 • Release: 7 Benchmark Date: 05 Jan 2026

CAT II V-270175 RHEL-09-232103

RHEL 9 "/etc/audit/" must be owned by root.

Documentable No
Rule ID SV-270175r1137691_rule
CCI References
CCI-000162

Discussion

The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.

Check Procedure

Verify the ownership of the "/etc/audit/" directory with the following command:

$ sudo stat -c "%U %n" /etc/audit/

root /etc/audit/

If the "/etc/audit/" directory does not have an owner of "root", this is a finding.

Fix Action

Change the owner of the file "/etc/audit/" to "root" by running the following command:

$ sudo chown root /etc/audit/