← Rules Catalog
mediumloggingverified rollback-safe

Restrict the mode of /var/log/syslog

syslog-mode-permissions · UBUNTU ≥ 22 · 1 impl

Description

The /var/log/syslog file must have a mode of 0640 or less permissive so that unprivileged users cannot read the system log.

Rationale

The system log records security-relevant events and may contain sensitive information. Restricting the file mode prevents unauthorized users from reading log contents.

Check → Remediate

Checkfile_permission
path:
/var/log/syslog
mode:
0640
Remediatefile_permissions
path:
/var/log/syslog
mode:
0640

Framework references

STIG

V-270770 / UBTU-24-700150V-260491 / UBTU-22-232030

NIST 800-53

SI-11

Live verification

ubuntu22:checkubuntu24:checkubuntu26:check
#syslog#permissions#logging