Verify that local /var/log/messages is not world-readable
An XCCDF Rule
Description
Files containing sensitive informations should be protected by restrictive
permissions. Most of the time, there is no need that these files need to be read by any non-root user
To properly set the permissions of /var/log/messages, run the command:
$ sudo chmod 0640 /var/log/messagesCheck that "permissions.local" file contains the correct permissions rules with the following command:
# grep -i messages /etc/permissions.local /var/log/messages root:root 640
Rationale
The /var/log/messages file contains system error messages. Only
authorized personnel should be aware of errors and the details of the
errors. Error messages are an indicator of an organization's operational
state or can identify the SUSE operating system or platform. Additionally,
Personally Identifiable Information (PII) and operational information must
not be revealed through error messages to unauthorized personnel or their
designated representatives.
- ID
- xccdf_org.ssgproject.content_rule_file_permissions_local_var_log_messages
- Severity
- Medium
- Updated
Remediation - Ansible
- name: Configure permission for /var/log/messages
lineinfile:
path: /etc/permissions.local
create: true
regexp: ^\/var\/log\/messages\s+root.*
line: /var/log/messages root:root 640
Remediation - Shell Script
CORRECT_PERMISSIONS="/var/log/messages root:root 640"
err_cnt=0
message_permissions=$(grep -i messages /etc/permissions.local)
if [ ${#message_permissions} -eq 0 ]
then