4.1.1.1 Ensure access on /smit.log is configured

Information

The /smit.log file maintains a history of all smit commands run as root.

The /smit.log file may contain sensitive information regarding system configuration, which may be of interest to an attacker. This log file must be secured from unauthorized access and modifications.

Solution

Remove world read and write access to /smit.log :

chmod o-rw /smit.log

See Also

https://workbench.cisecurity.org/benchmarks/10385

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 8f7c4e873906a077284db720d460b815d23859fce6348cdc49aa8196671e7d76