Making loginuid Immutable
It is recommended to make the audit login UID (auid) immutable so that a process cannot change it after login and audit records cannot be made to appear as if they came from another user. The Guide to the Secure Configuration of Red Hat Enterprise Linux 8 recommends the following script to address the issue:
Note
This remediation is not applicable to SLES 12.
```bash
# Remediation is applicable only outside of containers
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

cat << 'EOF' > /etc/audit/rules.d/11-loginuid.rules
## Make the loginuid immutable. This prevents tampering with the auid.
--loginuid-immutable
EOF

# Merge the rules.d fragments and load them into the running audit system
augenrules --load

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi
```
Alternatively, use the auditctl command to make audit login UIDs immutable immediately for the current boot. Because the setting is not persisted, this command must be rerun at each boot to remain effective:

```bash
auditctl --loginuid-immutable
```
After this mitigation is enabled, even the root user should no longer be able to tamper with loginuid.
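The guide does not show how to verify the setting. The following is an added example (not part of the guide or of the audit package) that checks two things a reviewer would want after the remediation: that the rules.d fragment actually contains an uncommented `--loginuid-immutable` line, and that the running kernel reports the feature as set in `auditctl -s` output. The `auditctl -s` text embedded below is constructed sample output; the function names `loginuid_immutable_status`, `rules_has_loginuid_immutable` and `check_live` are this example's own.

```shell
#!/bin/sh
# Added example: verify the loginuid-immutable remediation.
# Not from the Secure Configuration Guide; function names are our own.

# Constructed sample of `auditctl -s` output with the feature set.
SAMPLE_STATUS_ON='enabled 1
failure 1
pid 812
rate_limit 0
backlog_limit 8192
lost 0
backlog 0
loginuid_immutable 1 locked'

# Constructed sample with the feature not set.
SAMPLE_STATUS_OFF='enabled 1
failure 1
pid 812
loginuid_immutable 0 unlocked'

# loginuid_immutable_status STATUS_TEXT
# Prints "set", "unset", or "unknown" (line missing, e.g. old auditctl).
loginuid_immutable_status() {
    printf '%s\n' "$1" | awk '
        $1 == "loginuid_immutable" {
            found = 1
            if ($2 == "1") print "set"; else print "unset"
            exit
        }
        END { if (!found) print "unknown" }'
}

# rules_has_loginuid_immutable RULES_FILE
# Returns 0 if the file has an active (uncommented) --loginuid-immutable line.
rules_has_loginuid_immutable() {
    grep -Eq '^[[:space:]]*--loginuid-immutable[[:space:]]*$' "$1"
}

# check_live
# Runs the real checks on this host; needs root for auditctl -s.
check_live() {
    rules=/etc/audit/rules.d/11-loginuid.rules
    if [ -f "$rules" ] && rules_has_loginuid_immutable "$rules"; then
        echo "rules file: --loginuid-immutable present in $rules"
    else
        echo "rules file: directive missing from $rules (not persistent across reboots)"
    fi
    if ! command -v auditctl >/dev/null 2>&1; then
        echo "auditctl not found; cannot query kernel state"
        return 2
    fi
    echo "kernel: loginuid_immutable is $(loginuid_immutable_status "$(auditctl -s 2>/dev/null)")"
}

# Pass --live to check the actual host instead of the constructed samples.
if [ "${1:-}" = "--live" ]; then
    check_live
else
    echo "sample (set):   $(loginuid_immutable_status "$SAMPLE_STATUS_ON")"
    echo "sample (unset): $(loginuid_immutable_status "$SAMPLE_STATUS_OFF")"
fi
```

A host where only the `auditctl --loginuid-immutable` command was run will report the kernel state as set but the rules file check as missing, which is exactly the case that silently regresses after the next reboot; both checks should pass for the remediation to be considered complete.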