Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
OpenShift must protect log directory from any type of unauthorized access by setting file permissions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-257530 | CNTR-OS-000280 | SV-257530r921533_rule | Medium |
| Description |
|---|
| Log files contain sensitive information such as user credentials, system configurations, and potentially even security-related events. Unauthorized access to log files can expose this sensitive data to malicious actors. By protecting the log directory, OpenShift ensures that only authorized users or processes can access the log files, preserving the confidentiality of the information contained within them. |
| STIG | Date |
|---|---|
| Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide | 2023-08-28 |
Details
| Check Text ( C-61265r921531_chk ) |
|---|
| Verify the "/var/log" directory has a mode of "0755" or less by executing the following: for node in $(oc get node -oname); do oc debug $node -- chroot /host /bin/bash -c 'echo -n "$HOSTNAME "; stat -c "%a %n" /var/log' 2>/dev/null; done If a value of "0755" or less permissive is not returned, this is a finding. |
| Fix Text (F-61189r921532_fix) |
|---|
| Correct log directory permissions by executing the following: for node in $(oc get node -oname); do oc debug $node -- chroot /host /bin/bash -c 'echo -n "$HOSTNAME "; chmod 755 /var/log/' 2>/dev/null; done |