Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-227619 | GEN001260 | SV-227619r603266_rule | Medium |
Description |
---|
If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value. |
STIG | Date |
---|---|
Solaris 10 X86 Security Technical Implementation Guide | 2022-09-07 |
Check Text ( C-29781r488414_chk ) |
---|
Check the mode of log file hierarchies. Procedure: # ls -lLRa /var/log /var/adm If any of the log files or their directories have modes more permissive than "0640", and these are not documented, this is a finding. |
Fix Text (F-29769r488415_fix) |
---|
Change the mode of the system log file(s) to 0640 or less permissive. Procedure: # chmod "0640" /path/to/system-log-file NOTE: Do not confuse system log files with audit logs. Any subsystems that require less stringent permissions must be documented. |