GEN001270 - System log files must not have extended ACLs, except as needed to support authorized software.

Information

If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value. Authorized software may be given log file access through the use of extended ACLs when needed and configured to provide the least privileges required.

Solution

Remove the extended ACL from the file.
# chmod A- [file with extended ACL]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11b., CAT|II, CCI|CCI-001314, Rule-ID|SV-227620r603266_rule, STIG-ID|GEN001270, STIG-Legacy|SV-26369, STIG-Legacy|V-22315, Vuln-ID|V-227620

Plugin: Unix

Control ID: d325b4cccf2ce0fd57173507a537bb64c4056bd572da0c7607faa8a3278bc9c6