{"description": "Verify that the \"journalctl\" command is owned by \"root\" by\nusing the following command:\n<pre>\n$ sudo find /usr/bin/journalctl -exec stat -c \"%n %U\" {} \\;\n</pre>\nIf any output returned is not owned by \"root\", this is a finding.", "rationale": "Only authorized personnel should be aware of errors and the details of the errors.\nError messages are an indicator of an organization's operational state or can\nidentify the operating system or platform. Additionally, personally identifiable\ninformation (PII) and operational information must not be revealed through error\nmessages to unauthorized personnel or their designated representatives.", "severity": "medium", "references": {"stigid": ["UBTU-22-232100"], "stigref": ["SV-260505r958566_rule"]}, "control_references": {"stigid": ["UBTU-22-232100"]}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "Configure \"journalctl\" to be owned by \"root\":\n<pre>\n$ sudo chown root /usr/bin/journalctl\n</pre>\n", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Owner on the journalctl Command", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/journald/file_owner_journalctl/rule.yml", "template": {"name": "file_owner", "vars": {"filepath": "/usr/bin/journalctl", "uid_or_name": "0"}, "backends": {}}}