GEN001260 - System log files must have mode 0640 or less permissive - '/var/log/*'

Information

If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value.

Solution

Change the mode of the system log file(s) to 0640 or less permissive.
Procedure:
# chmod 0640 /path/to/system-log-file
NOTE: Do not confuse system log files with audit logs. Any subsystems that require less stringent permissions must be documented.

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11b., CAT|II, CCI|CCI-001314, Rule-ID|SV-787r2_rule, STIG-ID|GEN001260, Vuln-ID|V-787

Plugin: Unix

Control ID: 28b4d3378973b7bbc6ebf1efa0f4bb3aa9c4fe5930d160ad0fa741b5b33a213a