4.7.2.5 /smit.log

Information

The /smit.log file maintains a history of all smit commands run as root.

Rationale:

The /smit.log file may contain sensitive information regarding system configuration, which may be of interest to an attacker. This log file must be secured from unauthorized access and modifications.

Solution

Remove world read and write access to /smit.log:

chmod o-rw /smit.log

Default Value:

644
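
An audit-then-remediate check for this item, as an added example that is not part of the benchmark or the plugin. The function names and the temporary demo file are constructed, and the availability of mktemp on the target host is assumed. It reads the mode from ls -ld so that it does not depend on a particular stat syntax, and it treats a missing file as a skip rather than a failure.

```shell
#!/bin/sh
# Added example: function names and the demo temp file are constructed.

# Print the 10-character mode string (e.g. -rw-r--r--) as shown by ls -ld.
mode_string() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# Return 0 if "other" has neither read nor write, 1 if it has either,
# 2 if the file does not exist.
other_rw_clear() {
    [ -e "$1" ] || return 2
    other=$(mode_string "$1" | cut -c8-9)   # other r and w positions
    [ "$other" = "--" ]
}

# Audit the file; apply the benchmark's chmod only when it is needed,
# then re-check so a failed change is reported instead of assumed.
secure_log() {
    f=$1
    rc=0
    other_rw_clear "$f" || rc=$?
    case $rc in
        0) echo "PASS  $f $(mode_string "$f")"; return 0 ;;
        2) echo "SKIP  $f (not present)"; return 0 ;;
    esac
    before=$(mode_string "$f")
    chmod o-rw "$f" || { echo "ERROR $f chmod failed"; return 1; }
    if other_rw_clear "$f"; then
        echo "FIXED $f $before -> $(mode_string "$f")"
    else
        echo "FAIL  $f still $(mode_string "$f")"
        return 1
    fi
}

# With an argument (e.g. /smit.log) act on that file; with none, run on a
# constructed temp file set to the documented default mode of 644.
if [ -n "${1:-}" ]; then
    secure_log "$1"
else
    demo=$(mktemp)
    chmod 644 "$demo"
    secure_log "$demo"
    secure_log "$demo"
    rm -f "$demo"
fi
```

Starting from the default of 644, the first call reports the change to -rw-r----- and the second reports PASS.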

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: 917e2d09474170be7c0e6831d7873c983297487d13efd901f1e9ecca90d12583