Verify Owner on lastlog Command

An XCCDF Rule

Description

To properly set the owner of /usr/bin/lastlog, run the command:

$ sudo chown root /usr/bin/lastlog

Rationale

Unauthorized disclosure of the contents of the /var/log/lastlog file can reveal system data to attackers, thus compromising its confidentiality.

ID: xccdf_org.ssgproject.content_rule_file_ownership_lastlog
Severity: Medium
References: CCI-001314

SI-11(b) SI-11(c) SI-11.1(iv)

SRG-OS-000206-GPOS-00084

OL08-00-020263

SV-248706r779684_rule
Updated: about 1 year ago

- name: Test for existence /usr/bin/lastlog
  stat:
    path: /usr/bin/lastlog
  register: file_exists
  tags:
  - DISA-STIG-OL08-00-020263  - NIST-800-53-SI-11(b)
  - NIST-800-53-SI-11(c)
  - NIST-800-53-SI-11.1(iv)
  - configure_strategy
  - file_ownership_lastlog
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Ensure owner 0 on /usr/bin/lastlog
  file:
    path: /usr/bin/lastlog
    owner: '0'
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - DISA-STIG-OL08-00-020263
  - NIST-800-53-SI-11(b)
  - NIST-800-53-SI-11(c)
  - NIST-800-53-SI-11.1(iv)
  - configure_strategy
  - file_ownership_lastlog
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

chown 0 /usr/bin/lastlog

Verify Owner on lastlog Command

Description

Rationale

Remediation - Ansible

Remediation - Shell Script