Verify Permissions on /var/log/syslog File

An XCCDF Rule

Description

To properly set the permissions of /var/log/syslog, run the command:

$ sudo chmod 0640 /var/log/syslog

Rationale

The /var/log/syslog file contains logs of error messages in the system and should only be accessed by authorized personnel.

ID: xccdf_org.ssgproject.content_rule_file_permissions_var_log_syslog
Severity: Medium
References: CCI-001314

SRG-OS-000206-GPOS-00084
Updated: about 1 year ago

- name: Test for existence /var/log/syslog
  stat:
    path: /var/log/syslog
  register: file_exists
  tags:
  - configure_strategy  - file_permissions_var_log_syslog
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Ensure permission u-xs,g-xws,o-xwrt on /var/log/syslog
  file:
    path: /var/log/syslog
    mode: u-xs,g-xws,o-xwrt
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - configure_strategy
  - file_permissions_var_log_syslog
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed






chmod u-xs,g-xws,o-xwrt /var/log/syslog

Verify Permissions on /var/log/syslog File

Description

Rationale

Remediation - Ansible

Remediation - Shell Script