Verify Group Who Owns lastlog Command

An XCCDF Rule

Description

To properly set the group owner of /var/log/lastlog, run the command:

$ sudo chgrp root /var/log/lastlog

Rationale

Unauthorized disclosure of the contents of the /var/log/lastlog file can reveal system data to attackers, thus compromising its confidentiality.

ID: xccdf_org.ssgproject.content_rule_file_groupownership_lastlog
Severity: Medium
References: CCI-001314

SI-11(b) SI-11(c) SI-11.1(iv)

SRG-OS-000206-GPOS-00084

OL08-00-020264

SV-248707r779687_rule
Updated: about 1 year ago

- name: Test for existence /usr/bin/lastlog
  stat:
    path: /usr/bin/lastlog
  register: file_exists
  tags:
  - DISA-STIG-OL08-00-020264  - NIST-800-53-SI-11(b)
  - NIST-800-53-SI-11(c)
  - NIST-800-53-SI-11.1(iv)
  - configure_strategy
  - file_groupownership_lastlog
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Ensure group owner 0 on /usr/bin/lastlog
  file:
    path: /usr/bin/lastlog
    group: '0'
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - DISA-STIG-OL08-00-020264
  - NIST-800-53-SI-11(b)
  - NIST-800-53-SI-11(c)
  - NIST-800-53-SI-11.1(iv)
  - configure_strategy
  - file_groupownership_lastlog
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

chgrp 0 /usr/bin/lastlog

Verify Group Who Owns lastlog Command

Description

Rationale

Remediation - Ansible

Remediation - Shell Script