GEN005395 - The /etc/rsyslog.conf file must not have an extended ACL.

Information

Unauthorized users must not be allowed to access or modify the /etc/rsyslog.conf file.

Solution

Remove the extended ACL from the file.
# setfacl --remove-all /etc/syslog.conf
Or:
# setfacl -- remove-all /etc/rsyslog.conf

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-22454, Rule-ID|SV-37710r2_rule, STIG-ID|GEN005395, Vuln-ID|V-22454

Plugin: Unix

Control ID: b502ce5c8768bad017ac10fc9cc27c9929e9a0703a9b470f1e5945db95b9c4a2