6.1.1.2 Ensure journald log file access is configured

Information

Journald will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files.

It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

NOTE: journald or rsyslog was not found to be active. Review benchmark guidance to ensure local compliance.

Solution

If the default configuration is not appropriate for the site specific requirements, copy /usr/lib/tmpfiles.d/systemd.conf to /etc/tmpfiles.d/systemd.conf and modify as required. Recommended mode for logfiles is 0640 or more restrictive.

See Also

https://workbench.cisecurity.org/benchmarks/18959