4.4 Ensure logrotate assigns appropriate permissions

Information

Log files contain logged information from many services on the system or, on log hosts, from other systems as well.

Rationale:

Log files must have the correct permissions so that sensitive data is archived and protected.

Solution

Edit /etc/logrotate.conf and update the create line to read 0640 or more restrictive, following local site policy.
Example:

create 0640 root utmp
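
One way to audit this setting, as an added example that is not part of the benchmark text: the function name check_create_modes and the sample configuration are assumptions constructed for illustration. It reports every create directive whose mode sets a permission bit outside 0640.

```shell
#!/bin/sh
# Added example: flag logrotate "create" directives whose mode sets any
# permission bit outside 0640 (rw-r-----). Function name is hypothetical.

# check_create_modes FILE...
# Prints "file:line: create MODE" per offending directive.
# Returns 0 when every explicit mode is 0640 or more restrictive.
check_create_modes() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; rc=2; continue; }
        n=0
        # read splits on whitespace, so indented directives are handled too.
        while read -r directive mode _rest || [ -n "$directive" ]; do
            n=$((n + 1))
            [ "$directive" = "create" ] || continue
            case "$mode" in
                # "create" alone or "create owner group": no explicit mode,
                # the rotated file's mode is reused, nothing to compare.
                ''|*[!0-7]*) continue ;;
            esac
            # logrotate reads the mode as octal; a leading 0 forces octal here.
            if [ $(( 0$mode & ~0640 )) -ne 0 ]; then
                printf '%s:%d: create %s\n' "$f" "$n" "$mode"
                rc=1
            fi
        done < "$f"
    done
    return "$rc"
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
weekly
create 0644 root utmp
/var/log/wtmp {
    create 0664 root utmp
}
/var/log/btmp {
    create 0600 root utmp
}
EOF
check_create_modes "$sample" || echo "create mode more permissive than 0640"
rm -f "$sample"
```

On a live system, call it as check_create_modes /etc/logrotate.conf; a non-zero return means at least one create line needs tightening.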

See Also

https://workbench.cisecurity.org/files/3219