{"description": "rsyslog will create logfiles that do not already exist on the system.\nThis settings controls what permissions will be applied to these newly\ncreated files.", "rationale": "It is important to ensure that log files have the correct permissions\nto ensure that sensitive data is archived and protected.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "$FileCreateMode is not set or is more permissive than 0640", "ocil": "Run the following command:\n<pre># grep ^\\$FileCreateMode /etc/rsyslog.conf /etc/rsyslog.d/*.conf</pre>\nVerify the output matches:\n<pre>$FileCreateMode 0640</pre>\nShould a site policy dictate less restrictive permissions, ensure to follow\nsaid policy.", "oval_external_content": null, "fixtext": "Edit either `/etc/rsyslog.conf` or a dedicated .conf file in `/etc/rsyslog.d/`\nand set $FileCreateMode to 0640 or more restrictive:\n$FileCreateMode 0640\nRestart the service:\n# systemctl restart rsyslog", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure rsyslog Default File Permissions Configured", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml", "template": null}