Skip to content

Verify Permissions on /var/log Directory

An XCCDF Rule

Description

To properly set the permissions of /var/log, run the command:

$ sudo chmod 0755 /var/log

Rationale

The /var/log directory contains files with logs of error messages in the system and should only be accessed by authorized personnel.

ID
xccdf_org.ssgproject.content_rule_file_permissions_var_log
Severity
Medium
References
Updated



Remediation - Ansible

- name: Find /var/log/ file(s)
  command: 'find -H /var/log/ -maxdepth 1 -perm /u+s,g+ws,o+wt  -type d '
  register: files_found
  changed_when: false
  failed_when: false
  check_mode: false

Remediation - Shell Script


chmod 0755 /var/log/

if grep -q "^z \/var\/log " /usr/lib/tmpfiles.d/00rsyslog.conf; then
    sed -i --follow-symlinks "s/\(^z[[:space:]]\+\/var\/log[[:space:]]\+\)\(\([[:digit:]]\+\)[^ $]*\)/\10755/" /usr/lib/tmpfiles.d/00rsyslog.conf
fi