5.2.4 Create and Set Permissions on rsyslog Log Files - /var/log/kern.log

Information

A log file must already exist for rsyslog to be able to write to it.

Rationale:

It is important to ensure that log files exist and have the correct permissions to ensure that sensitive rsyslog data is archived and protected.

Solution

For sites that have not implemented a secure admin group:
Create the /var/log/ directory and for each listed in the /etc/rsyslog.conf file, perform the following commands:

# touch <logfile>
# chown root:root <logfile>
# chmod og-rwx <logfile>

For sites that have implemented a secure admin group:
Create the /var/log/ directory and for each listed in the /etc/rsyslog.conf file, perform the following commands (where is the name of the security group):

# touch <logfile>
# chown root:<securegrp> <logfile>
# chmod g-wx,o-rwx <logfile>

Default Value:

OS Default: No

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12, CSCv6|3.1, CSCv7|6.3

Plugin: Unix

Control ID: 49f6fda3cd9dd7e95e2faa694ed76f7514a7e630ebecef72ac260e3727f0c3ff