Red Hat Enterprise Linux 9 • Release: 7 Benchmark Date: 05 Jan 2026

CAT II V-270176 RHEL-09-232104

RHEL 9 "/etc/audit/" must be group-owned by root.

Documentable No
Rule ID SV-270176r1137691_rule
CCI References
CCI-000162

Discussion

The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.

Check Procedure

Verify the group ownership of the "/etc/audit/" directory with the following command:

$ sudo stat -c "%G %n" /etc/audit/

root /etc/audit/

If "/etc/audit/" does not have a group owner of "root", this is a finding.

Fix Action

Change the group of the file "/etc/audit/" to "root" by running the following command:

$ sudo chgrp root /etc/audit/