---
RHEL6/input/system/auditing.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/RHEL6/input/system/auditing.xml b/RHEL6/input/system/auditing.xml
index 73a9233..5f35e28 100644
--- a/RHEL6/input/system/auditing.xml
+++ b/RHEL6/input/system/auditing.xml
@@ -976,7 +976,7 @@ If the system is 64 bit then also add the following:
-k perm_mod</pre>
</description>
<ocil>
-<audit-syscall-check-macro syscall="fchmod" />
+<audit-syscall-check-macro syscall="lchown" />
</ocil>
<rationale>The changing of file permissions could indicate that a user is
attempting to
gain access to information that would otherwise be disallowed. Auditing DAC
modifications
--
1.8.0
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
