4.2.1.3 Ensure rsyslog default file permissions configured

Information

rsyslog will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files.

Rationale:

It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected.

Solution

Edit the /etc/rsyslog.conf and /etc/rsyslog.d/*.conf files and set $FileCreateMode to 0640 or more restrictive:

$FileCreateMode 0640

See Also

https://workbench.cisecurity.org/files/3738