mediumloggingverified ✓
Ensure journald log file access is configured
journald-file-access · RHEL ≥ 8 · 1 impl
Description
The persistent journal directory /var/log/journal and its files must not be accessible beyond the systemd-journal group and root, so log contents are not exposed to unprivileged users.
Rationale
System journals contain sensitive operational and security data. Loose permissions let unprivileged users read log data that can aid reconnaissance or expose secrets accidentally logged.
Check → Remediate
Checkcommand
d=/var/log/journal if [ ! -d "$d" ]; then echo "FAIL: $d does not exist (persistent journal not configured)"; exit 1; fi bad=$(find "$d" -type f \( -perm /0027 \) 2>/dev/null | head -1) if [ -n "$bad" ]; then echo "FAIL: over-permissive journal file: $bad"; exit 1; fi echo "OK: journal files restricted to group/owner"
- expected_exit:
- 0
Remediatemanual
- note:
- Ensure /var/log/journal files are mode 0640 or stricter and owned root:systemd-journal (systemd-tmpfiles restores the shipped permissions).
Framework references
CIS
rhel9 6.2.1.2rhel8 6.2.1.1.2rhel10 6.2.1.2
NIST 800-53
AU-9
Live verification
rhel9:check
#journald#logging#permissions