V-38561: The audit system must be configured to audit all discretionary access control permission modifications using lsetxattr.
--------------------------------------------------------------------------------------------------------------------------------

The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC
modifications can facilitate the identification of patterns of abuse among
both authorized and unauthorized users.

Details: `V-38561 in STIG Viewer`_.

.. _V-38561 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38561

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38561.rst