Commit
Add and modify rules file/dir_permissions_system_journal
- Satisfies STIG requirement UBTU-22-232027
- New rule for auditing permissions of /var/log/journal
- Modified existing rule file_permissions_system_journal
Showing 4 changed files with 97 additions and 12 deletions.
43 changes: 43 additions & 0 deletions
linux_os/guide/system/logging/journald/dir_permissions_system_journal/rule.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
documentation_complete: true | ||
|
||
title: 'Verify Permissions on the system journal directories' | ||
|
||
description: |- | ||
Verify the /run/log/journal and /var/log/journal directories have | ||
permissions set to "2750" or less permissive by using the following command: | ||
<pre> | ||
$ sudo find /run/log/journal /var/log/journal -type d -exec stat -c "%n %a" {} \; | ||
</pre> | ||
If any output returned has a permission set greater than "2750", this is a finding. | ||
rationale: |- | ||
Any operating system providing too much information in error messages risks | ||
compromising the data and security of the structure, and content of error messages | ||
needs to be carefully considered by the organization. | ||
references: | ||
disa: CCI-001312 | ||
stigid@ubuntu2204: UBTU-22-232027 | ||
|
||
severity: medium | ||
|
||
fixtext: | | ||
Configure the system to set the appropriate permissions to the files and directories | ||
used by the systemd journal: | ||
Add or modify the following lines in the "/etc/tmpfiles.d/systemd.conf" file: | ||
<pre> | ||
z /run/log/journal 2750 root systemd-journal - - | ||
Z /run/log/journal/%m ~2750 root systemd-journal - - | ||
z /var/log/journal 2750 root systemd-journal - - | ||
z /var/log/journal/%m 2750 root systemd-journal - - | ||
</pre> | ||
Restart the system for the changes to take effect. | ||
template: | ||
name: file_permissions | ||
vars: | ||
filepath: | ||
- /run/log/journal/ | ||
- /var/log/journal/ | ||
recursive: 'true' | ||
filemode: '2750' |
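
Review bot: The template vars at the end of the file do not match the description at the top: the description accepts permissions of "2750" or less permissive, but the template only sets `filemode: '2750'`, so unless stricter modes are explicitly allowed, a directory at a tighter mode such as 2700 would be reported as failing. If the file_permissions template in this tree supports it, set `allow_stricter_permissions: 'true'` next to `filemode`, or reword the description to require exactly 2750. Two smaller points: the rationale is the generic error-message text and never says why the journal directory permissions matter (who can read the logs if the directories are too open), and the fixtext uses `Z ... ~2750` for /run/log/journal/%m but `z ... 2750` for /var/log/journal/%m while the check is `recursive: 'true'` for both paths, so subdirectories under /var/log/journal/%m are checked but not remediated recursively. Please confirm that asymmetry is intended.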