Skip to content

Ensure rsyslog Default File Permissions Configured

An XCCDF Rule

Description

rsyslog will create logfiles that do not already exist on the system. This settings controls what permissions will be applied to these newly created files.

Rationale

It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected.

ID
xccdf_org.ssgproject.content_rule_rsyslog_filecreatemode
Severity
Medium
References
Updated



Remediation - Ansible

- name: Ensure rsyslog Default File Permissions Configured - Search for $FileCreateMode
    Parameter in rsyslog Main Config File
  ansible.builtin.find:
    paths: /etc
    pattern: rsyslog.conf
    contains: ^\s*\$FileCreateMode\s*\d+

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

readarray -t targets < <(grep -H '^\s*$FileCreateMode' /etc/rsyslog.conf /etc/rsyslog.d/*)

# if $FileCreateMode set in multiple places