UCF STIG Viewer Logo

System log files must have mode 0640 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-787 GEN001260 SV-787r9_rule ECTP-1 Medium
Description
If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-292r4_chk )
Check the mode of log files.

Procedure:
# ls –lL /var/log /var/log/syslog /var/adm

If any of the log files have modes more permissive than 0640, this is a finding.
Fix Text (F-941r4_fix)
Change the mode of the system log file(s) to 0640 or less permissive.

Procedure:
# chmod 0640 /path/to/system-log-file

NOTE: Do not confuse system log files with audit logs.