GEN001270 - All system log files must not have extended ACLs.

Information

If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value. Authorized software may be given log file access through the use of extended ACLs when needed and configured to provide the least privileges required.

Solution

Remove the extended ACL from the file.

Procedure:
# setfacl --remove-all [file with extended ACL]

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11b., CAT|II, CCI|CCI-001314, Group-ID|V-22315, Rule-ID|SV-37233r1_rule, STIG-ID|GEN001270, Vuln-ID|V-22315

Plugin: Unix

Control ID: d9258219396eeb23b31821dc0daba333f4e13ffd9ec5509fad79dcd3d9f339c5