Verify Group Who Owns /var/log Directory

An XCCDF Rule

Description

To properly set the group owner of /var/log, run the command:

$ sudo chgrp syslog /var/log

Rationale

The /var/log directory contains the system's log files, including logs of error messages, and should only be accessible to authorized personnel.

ID
xccdf_org.ssgproject.content_rule_file_groupowner_var_log
Severity
Medium

Remediation - Ansible

# Set the group owner of the /var/log directory itself (no recursion).
- name: Ensure group owner on /var/log/
  file:
    path: /var/log/
    state: directory
    group: '0'  # numeric GID 0

Remediation - Shell Script

find -H /var/log/ -maxdepth 1 -type d -exec chgrp 0 {} \;
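
Audit check (added example, not part of the rule content or the project's own code): a read-only check of a directory's group owner that accepts either a group name such as syslog or a numeric GID such as 0, the two forms this page uses. The function names check_groupowner and resolve_gid are hypothetical, and the script assumes GNU stat and getent are available.

```shell
#!/bin/sh
# Added example: audit-only check, changes nothing on disk.
# Assumes GNU stat (coreutils) and getent; function names are hypothetical.

# Resolve a group name or a numeric GID to a numeric GID.
resolve_gid() {
    case "$1" in
        ''|*[!0-9]*)
            # Not purely numeric: look the name up in the group database.
            entry=$(getent group "$1") || return 1
            printf '%s\n' "$entry" | cut -d: -f3
            ;;
        *)
            printf '%s\n' "$1"
            ;;
    esac
}

# check_groupowner DIR GROUP
# Returns 0 if DIR is a directory whose group owner is GROUP,
#         1 if the group owner differs,
#         2 if the check could not be performed.
check_groupowner() {
    dir=$1
    want=$(resolve_gid "$2") || { echo "unknown group: $2" >&2; return 2; }
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -L follows a symlink given as DIR, matching find -H in the remediation.
    have=$(stat -L -c '%g' "$dir") || return 2
    if [ "$have" = "$want" ]; then
        echo "PASS: $dir group owner is GID $have"
        return 0
    fi
    echo "FAIL: $dir group owner is GID $have, expected GID $want"
    return 1
}

# Usage (run manually):
#   check_groupowner /var/log syslog
#   check_groupowner /var/log 0
```

A return value of 2 means the check could not be performed (missing directory or unknown group), which keeps those cases distinct from a wrong group owner.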