← Rules Catalog
mediumloggingverified rollback-safe

Ensure access to all logfiles has been configured

logfiles-access-configured · RHEL ≥ 8 · 1 impl

Description

Access to log files should be restricted to prevent unauthorized users from viewing or modifying log data.

Rationale

Log files contain sensitive information about system activities. Restricting access protects the integrity of audit trails.

Check → Remediate

Checkcommand
# Check for world-readable log files
bad_perms=$(find /var/log -type f -perm /o+r 2>/dev/null | head -5)
if [ -n "$bad_perms" ]; then
  echo "FAIL: Found world-readable log files:"
  echo "$bad_perms"
  exit 1
fi
echo "OK: Log file permissions are properly configured"
exit 0
expected_exit:
0
Remediatefile_permissions
find_paths:
/var/log
find_type:
f
find_args:
-perm /o+r
mode:
o-r

Framework references

CIS

rhel8 6.2.3.1rhel9 6.2.4.1rhel10 6.2.4.1

NIST 800-53

AU-9

Live verification

rhel10:checkrhel8:checkrhel9:check
#logging#permissions#security