{"description": "Verify all files in the /run/log/journal and /var/log/journal directories have\npermissions set to \"640\" or less permissive by using the following command:\n<pre>\n$ sudo find /run/log/journal /var/log/journal  -type f -exec stat -c \"%n %a\" {} \\;\n</pre>\nIf any output returned has a permission set greater than \"640\", this is a finding.", "rationale": "Any operating system providing too much information in error messages risks\ncompromising the data and security of the structure, and content of error messages\nneeds to be carefully considered by the organization.", "severity": "medium", "references": {"srg": ["SRG-APP-000118-CTR-000240"], "stigid": ["UBTU-22-232027"], "stigref": ["SV-260490r1014781_rule"]}, "control_references": {"stigid": ["UBTU-22-232027"]}, "components": [], "identifiers": {}, "ocil_clause": "/var/log/journal/.*/system.journal does not have unix mode -rw-r-----", "ocil": "To check the permissions of <code>/var/log/journal/.*/system.journal</code>,\nrun the command:\n<pre>$ ls -l /var/log/journal/.*/system.journal</pre>\nIf properly configured, the output should indicate the following permissions:\n<code>-rw-r-----</code>", "oval_external_content": null, "fixtext": "Configure the system to set the appropriate permissions to the files and directories\nused by the systemd journal:\nAdd or modify the following lines in the \"/etc/tmpfiles.d/systemd.conf\" file:\n<pre>\nz /var/log/journal/%m/system.journal 0640 root systemd-journal - -\n</pre>\nRestart the system for the changes to take effect.\n", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Permissions on the system journal", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/journald/file_permissions_system_journal/rule.yml", "template": {"name": "file_permissions", "vars": {"filepath": ["/run/log/journal/", "/var/log/journal/"], "recursive": "true", "file_regex": "^.*$", "filemode": "0640"}, "backends": {}}}