GEN001270 - System log files must not have extended ACLs, except as needed to support authorized software.

Information

If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value. Authorized software may be given log file access through the use of extended ACLs when needed and configured to provide the least privileges required.

Solution

Remove the extended ACL(s) from the system log file(s) and disable extended permissions.
# acledit < directory >/< file>/

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11b., CAT|II, CCI|CCI-001314, Rule-ID|SV-38687r1_rule, STIG-ID|GEN001270, Vuln-ID|V-22315

Plugin: Unix

Control ID: 10b1ff794c02784a5f88c6d146d765d7926f70afe31886ce16fb24ac84cfd927