{"description": "Verify the /run/log/journal and /var/log/journal files are group-owned by\n\"systemd-journal\" by using the following command:\n<pre>\n$ sudo find /run/log/journal /var/log/journal  -type f -exec stat -c \"%n %G\" {} \\;\n</pre>\nIf any output returned is not group-owned by \"systemd-journal\", this is a finding.", "rationale": "Only authorized personnel should be aware of errors and the details of the errors.\nError messages are an indicator of an organization's operational state or can\nidentify the operating system or platform. Additionally, personally identifiable\ninformation (PII) and operational information must not be revealed through error\nmessages to unauthorized personnel or their designated representatives.", "severity": "medium", "references": {"srg": ["SRG-APP-000118-CTR-000240"], "stigid": ["UBTU-22-232095"], "stigref": ["SV-260504r958566_rule"]}, "control_references": {"stigid": ["UBTU-22-232095"]}, "components": [], "identifiers": {}, "ocil_clause": "/var/log/journal/.*/system.journal does not have a group owner of\nsystemd-journal\n", "ocil": "To check the group ownership of <code>/var/log/journal/.*/system.journal</code>,\nrun the command:\n<pre>$ ls -lL /var/log/journal/.*/system.journal</pre>\nIf properly configured, the output should indicate the following group-owner:\n\n  <code>systemd-journal</code>\n  ", "oval_external_content": null, "fixtext": "Configure the system to set the appropriate group-ownership to the files\nused by the systemd journal:\nAdd or modify the following lines in the \"/etc/tmpfiles.d/systemd.conf\" file:\n<pre>\nz /var/log/journal/%m/system.journal 0640 root systemd-journal - -\n</pre>\nRestart the system for the changes to take effect.\n", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Group Who Owns the system journal", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/journald/file_groupowner_system_journal/rule.yml", "template": {"name": "file_groupowner", "vars": {"filepath": ["/run/log/journal/", "/var/log/journal/"], "recursive": "true", "file_regex": "^.*$", "gid_or_name": "systemd-journal"}, "backends": {}}}