mediumloggingverified ✓rollback-safe
Ensure the journalctl command is group-owned by root
journalctl-command-group · UBUNTU ≥ 22 · 1 impl
Description
The /usr/bin/journalctl command must be group-owned by root so that no non-root group can replace or tamper with the binary used to read the systemd journal.
Rationale
A journalctl binary group-owned by a non-root group could be modified by members of that group to hide or alter journal output, undermining the integrity of the audit and operational record.
Check → Remediate
Checkfile_permission
- path:
- /usr/bin/journalctl
- group:
- root
Remediatefile_permissions
- path:
- /usr/bin/journalctl
- group:
- root
Framework references
STIG
V-270760 / UBTU-24-700050V-260506 / UBTU-22-232105
NIST 800-53
SI-11AC-6
Live verification
ubuntu22:checkubuntu24:check
#journald#permissions#logging