GEN001260 - System log files must have mode 0640 or less permissive - '/var/log/syslog/*'

Information

If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value.

Solution

Change the mode of the system log file(s) to 0640 or less permissive.

Procedure:
# chmod 0640 /path/to/system-log-file

Note: Do not confuse system log files with audit logs.

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R17_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CAT|II, CCI|CCI-001314, CSCv6|3.1, Group-ID|V-787, Rule-ID|SV-37228r3_rule, STIG-ID|GEN001260

Plugin: Unix

Control ID: 682ba32e6c993d0d5bed27e550c71bf546e756e00a4489319e87356be578c0d7