{"description": "The file permissions for all log files written by <tt>rsyslog</tt> should\nbe set to 640, or more restrictive. These log files are determined by the\nsecond part of each Rule line in <tt>/etc/rsyslog.conf</tt> and typically\nall appear in <tt>/var/log</tt>. For each log file <i>LOGFILE</i>\nreferenced in <tt>/etc/rsyslog.conf</tt>, run the following command to\ninspect the file's permissions:\n<pre>$ ls -l <i>LOGFILE</i></pre>\nIf the permissions are not 640 or more restrictive, run the following\ncommand to correct this:\n<pre>$ sudo chmod 640 <i>LOGFILE</i></pre>", "rationale": "Log files can contain valuable information regarding system\nconfiguration. If the system log files are not protected, unauthorized\nusers could change the logged data, eliminating their forensic value.", "severity": "medium", "references": {"nerc-cip": ["CIP-003-8 R5.1.1", "CIP-003-8 R5.3", "CIP-004-6 R2.3", "CIP-007-3 R2.1", "CIP-007-3 R2.2", "CIP-007-3 R2.3", "CIP-007-3 R5.1", "CIP-007-3 R5.1.1", "CIP-007-3 R5.1.2"], "nist": ["CM-6(a)", "AC-6(1)"], "pcidss": ["Req-10.5.1", "Req-10.5.2"], "anssi": ["R71"], "ism": ["0988", "1405"], "pcidss4": ["10.3.1", "10.3"]}, "control_references": {"anssi": ["R71"], "ism": ["0988", "1405"], "pcidss4": ["10.3.1", "10.3"]}, "components": [], "identifiers": {}, "ocil_clause": "the permissions are not correct", "ocil": "The file permissions for all log files written by <tt>rsyslog</tt> should\nbe set to 640, or more restrictive. These log files are determined by the\nsecond part of each Rule line in <tt>/etc/rsyslog.conf</tt> and typically\nall appear in <tt>/var/log</tt>. To see the permissions of a given log\nfile, run the following command:\n<pre>$ ls -l <i>LOGFILE</i></pre>\nThe permissions should be 640, or more restrictive.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel", "package[rsyslog]"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel", "package_rsyslog"], "bash_conditional": null, "fixes": {}, "title": "Ensure System Log Files Have Correct Permissions", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml", "template": {"name": "rsyslog_logfiles_attributes_modify", "vars": {"attribute": "permissions", "value": "0640"}, "backends": {}}}