4.4 Ensure logrotate assigns appropriate permissions

Information

Log files contain logged information from many services on the system or, on log hosts, from other systems as well.

Rationale:

Log files must have the correct permissions so that sensitive data is archived and protected.

Solution

Edit /etc/logrotate.conf and update the create line to read 0640 or more restrictive, following local site policy.
Example:

create 0640 root utmp
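
One way to audit this setting, as an added example that is not part of the benchmark text: the shell function below (`check_create_modes` is a hypothetical name) reads logrotate configuration files and flags every create directive whose numeric mode grants a bit outside 0640. Create lines without a numeric mode are skipped, and the sample configuration is constructed for illustration.

```shell
#!/bin/sh
# Added example: flag logrotate "create" modes that exceed 0640.

# check_create_modes FILE...
# Prints "PASS|FAIL <file>:<line> <mode>" for every create directive that
# carries a numeric mode; returns 1 if any mode grants a bit outside 0640.
check_create_modes() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "SKIP $f (not readable)"; continue; }
        n=0
        # read splits on whitespace, so indentation inside { } blocks is fine.
        while read -r kw mode _rest || [ -n "$kw" ]; do
            n=$((n + 1))
            [ "$kw" = "create" ] || continue
            case "$mode" in
                ''|*[!0-7]*) continue ;;  # no mode given (bare create or owner first)
            esac
            # 07137 = every permission and special bit that 0640 does not allow.
            if [ $(( 0$mode & 07137 )) -eq 0 ]; then
                echo "PASS $f:$n $mode"
            else
                echo "FAIL $f:$n $mode"
                rc=1
            fi
        done < "$f"
    done
    return $rc
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
weekly
create 0640 root utmp
/var/log/wtmp {
    create 0664 root utmp
}
EOF
check_create_modes "$sample" || echo "at least one create mode is too permissive"
rm -f "$sample"
```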

See Also

https://workbench.cisecurity.org/files/3219

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv7|14.6

Plugin: Unix

Control ID: 16bd57fa79f1ee72abd0e5733ffe09f5b2ad783c73f55106192ba990a8f6fd05