System log files must have mode 0640 or less permissive.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-787 | GEN001260 | SV-39832r1_rule | ECTP-1 | Medium |
| Description |
|---|
| If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value. |
| STIG | Date |
|---|---|
| Solaris 10 SPARC Security Technical Implementation Guide | 2014-04-04 |
Details
| Check Text ( C-38709r1_chk ) |
|---|
| Check the mode of log file hierarchies. Procedure: # ls -lLRa /var/log /var/adm If any of the log files or their directories have modes more permissive than 0640, this is a finding. |
| Fix Text (F-941r2_fix) |
|---|
| Change the mode of the system log file(s) to 0640 or less permissive. Procedure: # chmod 0640 /path/to/system-log-file NOTE: Do not confuse system log files with audit logs. Any subsystems that require less stringent permissions must be documented. |