4.2.2.3 Ensure syslog-ng default file permissions configured

Information

syslog-ng will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files.

Rationale:

It is important to ensure that log files exist and have the correct permissions to ensure that sensitive syslog-ng data is archived and protected.

Solution

Edit the /etc/syslog-ng/syslog-ng.conf and set perm option to 0640 or more restrictive:

options { chain_hostnames(off); flush_lines(0); perm(0640); stats_freq(3600); threaded(yes); };

See Also

https://workbench.cisecurity.org/files/3738

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: f5d11828676be8907ef9ca5dacbdbcf71dd3e96ca3c33e093630575166545dba