Task 4.4 states "Ensure logrotate assigns appropriate permissions"
In the CIS document the following example is given:
Edit /etc/logrotate.conf and update the create line to read 0640 or more restrictive,
following local site policy
Example:
create 0640 root utmp
Even though this is just an example, the "root utmp" is copied literally into the task and this leads to new log files getting wrong groups, which consequently leads to logs not being able to be written to these files.
# 4.4 Ensure logrotate assigns appropriate permissions
# It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected.
- name: 4.4 Ensure logrotate assigns appropriate permissions
  lineinfile:
    dest: /etc/logrotate.conf
    regexp: "^create"
    line: "create 0640 root utmp"
The correct way should be just changing the file permissions, without changing the already set owner/group, something like:
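One way to write such a task, as an added example that is not the code from the original issue or from the role: it rewrites only the mode on existing `create` lines and keeps whatever owner and group are already configured. The use of the `replace` module and the regular expression are assumptions, and `create` lines without a numeric mode are left alone.

```yaml
# Added example (not the role's own task).
# Tightens the mode on "create" lines in /etc/logrotate.conf to 0640 while
# preserving any owner/group that follows it.
- name: 4.4 Ensure logrotate assigns appropriate permissions
  ansible.builtin.replace:
    path: /etc/logrotate.conf
    # Group 1: indentation plus the "create" keyword and its separator.
    # The negative lookahead skips modes that are already 0640 or more
    # restrictive (owner in 0/2/4/6, group in 0/4, other 0), so a stricter
    # local setting such as 0600 is not loosened.
    # Group 2: the rest of the line (owner and group, if present).
    # [ \t] is used instead of \s so a match never spans a line break.
    regexp: '^([ \t]*create[ \t]+)(?!0?[0246][04]0\b)[0-7]{3,4}\b(.*)$'
    # \g<1> is the unambiguous form of \1; "\10640" would be read as group 10.
    replace: '\g<1>0640\g<2>'
```

With this pattern `create 0664 root utmp` becomes `create 0640 root utmp`, `create 0644 syslog adm` becomes `create 0640 syslog adm`, and `create 0600 root adm` is left unchanged.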