The OL 8 lastlog command must have a mode of "0750" or less permissive.
Overview
| Finding ID |
Version |
Rule ID |
IA Controls |
Severity |
| V-248705 |
OL08-00-020262 |
SV-248705r958566_rule |
|
Medium |
| Description |
| Unauthorized disclosure of the contents of the /var/log/lastlog file can reveal system data to attackers, thus compromising its confidentiality. |
Details
| Check Text (C-52139r779679_chk) |
Verify the "lastlog" command has a mode of "0750" or less permissive with the following command:
$ sudo stat -c "%a %n" /usr/bin/lastlog
750 /usr/bin/lastlog
If the "lastlog" command has a mode more permissive than "0750", this is a finding. |
| Fix Text (F-52093r779680_fix) |
Configure the mode of the "lastlog" command for OL 8 to "0750" with the following command:
$ sudo chmod 0750 /usr/bin/lastlog |