Verify Permissions on /var/log Directory
An XCCDF Rule
Description
To properly set the permissions of /var/log
, run the command:
$ sudo chmod 0755 /var/log
Rationale
The /var/log
directory contains files with logs of error
messages in the system and should only be accessed by authorized
personnel.
- ID
- xccdf_org.ssgproject.content_rule_file_permissions_var_log
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Find /var/log/ file(s)
command: 'find -H /var/log/ -maxdepth 1 -perm /u+s,g+ws,o+wt -type d '
register: files_found
changed_when: false
failed_when: false
check_mode: false
Remediation - Shell Script
chmod 0755 /var/log/
if grep -q "^z \/var\/log " /usr/lib/tmpfiles.d/00rsyslog.conf; then
sed -i --follow-symlinks "s/\(^z[[:space:]]\+\/var\/log[[:space:]]\+\)\(\([[:digit:]]\+\)[^ $]*\)/\10755/" /usr/lib/tmpfiles.d/00rsyslog.conf
fi