Verify Permissions on the journal command

An XCCDF Rule

Description

Verify that the "journalctl" command has a permission set of "740" by using the following command:
 $ sudo find /usr/bin/journalctl -exec stat -c "%n %a" {} \;
If "journalctl" is not set to "740", this is a finding.

Rationale

Any operating system that provides too much information in error messages risks compromising the data and security of the system. The structure and content of error messages need to be carefully considered by the organization.

ID
xccdf_org.ssgproject.content_rule_file_permissions_journalctl
Severity
Medium
References
Updated

Remediation Templates

An Ansible Snippet

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - DISA-STIG-UBTU-22-232140
  - configure_strategy

A Shell Script

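# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}\n' 'kernel' 2>/dev/null | grep -q installed; then
    # Clear setuid, group write/execute/setgid, and every "other" bit (leaves at most 740)
    chmod u-s,g-xws,o-xwrt /usr/bin/journalctl
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi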
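
The symbolic expression in the shell remediation removes bits outside 740 rather than assigning the mode, so a file that starts stricter than 740 stays as it is. The following added example (not part of the rule's own content; the function names and the scratch file are assumptions) runs the same expression on a temporary file and reports the mode before and after, without touching /usr/bin/journalctl:

```shell
#!/bin/sh
# Added example: operates on a scratch file created with mktemp.
REQUIRED_MODE=740   # value taken from the rule description

# Print the octal mode of a file, as the rule's stat check does.
file_mode() {
    stat -c '%a' "$1"
}

# Return 0 when the file has no permission bits outside REQUIRED_MODE
# (setuid, setgid and sticky count as excess bits).
mode_within_limit() {
    mode=$(file_mode "$1")
    extra=$(( 0$mode & ~0$REQUIRED_MODE & 07777 ))
    [ "$extra" -eq 0 ]
}

# Same symbolic expression as the remediation script.
apply_remediation() {
    chmod u-s,g-xws,o-xwrt "$1"
}

# Create a constructed file with the given starting mode, remediate it,
# and print "before after verdict".
demo() {
    tmp=$(mktemp) || return 1
    chmod "$1" "$tmp"
    before=$(file_mode "$tmp")
    apply_remediation "$tmp"
    after=$(file_mode "$tmp")
    if [ "$after" = "$REQUIRED_MODE" ]; then
        verdict=exact        # matches the "740" the check expects
    elif mode_within_limit "$tmp"; then
        verdict=stricter     # fewer bits than 740; chmod added nothing
    else
        verdict=finding      # excess bits survived
    fi
    rm -f "$tmp"
    echo "$before $after $verdict"
}

# Constructed starting modes: setuid binary, world-writable, owner-only.
for start in 4755 0777 0700; do
    demo "$start"
done
```

A "stricter" verdict means the stat output will not read "740" even though no excess permission remains, which matters when the check is applied as a literal string comparison.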