Skip to content

Verify Group Who Owns /var/log/syslog File

An XCCDF Rule

Description

To properly set the group owner of /var/log/syslog, run the command:

$ sudo chgrp adm /var/log/syslog

Rationale

The /var/log/syslog file contains logs of error messages in the system and should only be accessed by authorized personnel.

ID
xccdf_org.ssgproject.content_rule_file_groupowner_var_log_syslog
Severity
Medium
References
Updated



Remediation - Ansible

- name: Test for existence /var/log/syslog
  stat:
    path: /var/log/syslog
  register: file_exists
  tags:
  - DISA-STIG-UBTU-20-010420

Remediation - Shell Script

chgrp 4 /var/log/syslog