4.2.2.3 Ensure syslog-ng default file permissions configured

Information

syslog-ng will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files.

Rationale:

It is important to ensure that log files exist and have the correct permissions to ensure that sensitive syslog-ng data is archived and protected.

Solution

Edit the /etc/syslog-ng/syslog-ng.conf and set perm option to 0640 or more restrictive:

options { chain_hostnames(off); flush_lines(0); perm(0640); stats_freq(3600); threaded(yes); };

See Also

https://workbench.cisecurity.org/files/3738