mediumloggingverified ✓rollback-safe
Restrict permissions on the journalctl command
journalctl-permissions · UBUNTU ≥ 22 · 1 impl
Description
The /usr/bin/journalctl command must have a mode of 0740 so that only root can execute it and read the systemd journal, which may contain sensitive operational information.
Rationale
The systemd journal can expose sensitive system and security detail. Restricting the journalctl binary to root-only execution prevents unprivileged users from reading it.
Check → Remediate
Checkfile_permission
- path:
- /usr/bin/journalctl
- mode:
- 0740
Remediatefile_permissions
- path:
- /usr/bin/journalctl
- mode:
- 0740
Framework references
STIG
V-270758 / UBTU-24-700030V-260512 / UBTU-22-232140
NIST 800-53
SI-11
Live verification
ubuntu22:checkubuntu24:checkubuntu26:check
#journald#permissions#logging