Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-787 | GEN001260 | SV-39832r2_rule | Medium |
Description |
---|
If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value. |
STIG | Date |
---|---|
SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2016-06-22 |
Check Text ( C-38709r2_chk ) |
---|
Check the mode of log file hierarchies. Procedure: # ls -lLRa /var/log /var/adm If any of the log files or their directories have modes more permissive than "0640", and these are not documented, this is a finding. |
Fix Text (F-941r3_fix) |
---|
Change the mode of the system log file(s) to 0640 or less permissive. Procedure: # chmod "0640" /path/to/system-log-file NOTE: Do not confuse system log files with audit logs. Any subsystems that require less stringent permissions must be documented. |