mediumloggingverified ✓rollback-safe
Restrict the mode of /var/log/syslog
syslog-mode-permissions · UBUNTU ≥ 22 · 1 impl
Description
The /var/log/syslog file must have a mode of 0640 or less permissive so that unprivileged users cannot read the system log.
Rationale
The system log records security-relevant events and may contain sensitive information. Restricting the file mode prevents unauthorized users from reading log contents.
Check → Remediate
Checkfile_permission
- path:
- /var/log/syslog
- mode:
- 0640
Remediatefile_permissions
- path:
- /var/log/syslog
- mode:
- 0640
Framework references
STIG
V-270770 / UBTU-24-700150V-260491 / UBTU-22-232030
NIST 800-53
SI-11
Live verification
ubuntu22:checkubuntu24:checkubuntu26:check
#syslog#permissions#logging