V-38557: The audit system must be configured to audit all discretionary access control permission modifications using fsetxattr.
--------------------------------------------------------------------------------------------------------------------------------

The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC
modifications can facilitate the identification of patterns of abuse among
both authorized and unauthorized users.

Details: `V-38557 in STIG Viewer`_.

.. _V-38557 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38557

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38557.rst