mediumloggingverified ✓rollback-safe
Ensure system journal files are owned by root
journal-files-owner · UBUNTU ≥ 22 · 1 impl
Description
All files under /run/log/journal and /var/log/journal must be owned by root so that only the root account can alter or remove stored journal records.
Rationale
Journal files owned by a non-root account could be edited or deleted by that account, destroying or falsifying the operational and security record the journal is meant to preserve.
Check → Remediate
Checkcommand
find /run/log/journal /var/log/journal ! -user root -type f 2>/dev/null | head -1
Remediatefile_permissions
- find_paths:
- /run/log/journal, /var/log/journal
- find_type:
- f
- find_args:
- ! -user root
- owner:
- root
Framework references
STIG
V-270764 / UBTU-24-700090V-260503 / UBTU-22-232090
NIST 800-53
SI-11AC-6
Live verification
ubuntu22:checkubuntu24:check
#journald#permissions#logging