The operating system must reveal error messages only to authorized personnel.

An XCCDF Rule

Description

Proper file permissions and ownership ensures that only designated personnel in the organization can access error messages.

ID: SV-216439r958566_rule
Version: SOL-11.1-070240
Severity: Low
References: CCI-001314
Updated: about 2 months ago

Remediation Templates

The root role is required.

Change the permissions and owner on the /var/adm/messages file:

# chmod 640 /var/adm/messages
# chown root /var/adm/messages# chgrp root /var/adm/messages

Change the permissions and owner on the /var/adm directory:

# chmod 750 /var/adm
# chown root /var/adm
# chgrp sys /var/adm