← Rules Catalog
mediumloggingverified rollback-safe

Restrict group ownership of /var/log/syslog

syslog-group · UBUNTU ≥ 22 · 1 impl

Description

The /var/log/syslog file must be group-owned by adm so that only the logging service and authorized administrators can read the system log.

Rationale

Correct group ownership of the system log limits read access to authorized administrators, preventing information leakage to unprivileged users.

Check → Remediate

Checkfile_permission
path:
/var/log/syslog
group:
adm
Remediatefile_permissions
path:
/var/log/syslog
group:
adm

Framework references

STIG

V-270768 / UBTU-24-700130V-260511 / UBTU-22-232135

NIST 800-53

SI-11

Live verification

ubuntu22:checkubuntu24:checkubuntu26:check
#syslog#ownership#logging