System log files must have mode 0640 or less permissive.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-787	GEN001260	SV-35275r1_rule	ECTP-1	Medium

Description
If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value.

STIG	Date
HP-UX 11.31 Security Technical Implementation Guide	2018-09-14

Details

Check Text ( C-36302r1_chk )
Check the mode of log files. # ls -lLR /var/log /var/log/syslog /var/adm /var/opt Note that some of the above directories will contain more than just system log files. For example: /var/adm/sa, /var/adm/sw, etc. Any non-system log files contained within the above directories should be excluded from this requirement. If any of the system log files have modes more permissive than 0640, this is a finding.

Check Text ( C-36302r1_chk )

Check the mode of log files.

# ls -lLR /var/log /var/log/syslog /var/adm /var/opt

Note that some of the above directories will contain more than just system log files. For example: /var/adm/sa, /var/adm/sw, etc. Any non-system log files contained within the above directories should be excluded from this requirement.

If any of the system log files have modes more permissive than 0640, this is a finding.

Fix Text (F-31557r1_fix)
Change the mode of the system log files to 0640 or less permissive. # chmod 0640 / NOTE: Do not confuse system log files with audit logs.