AlmaLinux OS 9 audit system must protect logon UIDs from unauthorized change.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-269544 | SRG-OS-000058-GPOS-00028 | ALMA-09-056780 | SV-269544r1050427_rule | 2026-02-27 | 1 |
Description
If modification of login user identifiers (UIDs) is not prevented, they can be changed by nonprivileged users and make auditing complicated or impossible.
ℹ️ Check
Verify the audit system prevents unauthorized changes to logon UIDs with the following command:
$ grep immutable /etc/audit/audit.rules
--loginuid-immutable
If the "--loginuid-immutable" option is not returned in the "/etc/audit/audit.rules", or the line is commented out, this is a finding.
✔️ Fix
Configure AlmaLinux OS 9 auditing to prevent modification of login UIDs once they are set by adding the following line to /etc/audit/rules.d/audit.rules:
--loginuid-immutable