STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

All rsyslog-generated log files must be group-owned by root.

DISA Rule

SV-208871r603263_rule

Vulnerability Number

V-208871

Group Title

SRG-OS-000206

Rule Version

OL6-00-000134

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The group-owner of all log files written by "rsyslog" should be root. These log files are determined by the second part of each Rule line in "/etc/rsyslog.conf" and typically all appear in "/var/log". For each log file [LOGFILE] referenced in "/etc/rsyslog.conf", run the following command to inspect the file's group owner:

$ ls -l [LOGFILE]

If the group-owner is not "root", run the following command to correct this:

# chgrp root [LOGFILE]

Check Contents

The group-owner of all log files written by "rsyslog" should be root. These log files are determined by the second part of each Rule line in "/etc/rsyslog.conf" and typically all appear in "/var/log". To see the group-owner of a given log file, run the following command:

$ ls -l [LOGFILE]

Some log files referenced in /etc/rsyslog.conf may be created by other programs and may require exclusion from consideration.

If the group-owner is not root, this is a finding.
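
The check above can be run over every rule line at once. The following is an added example, not part of the STIG or STIGQter: the function names and the sample configuration are assumptions, only legacy "selector action" rule lines are parsed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Print each log file named as the action (second part) of a rule line.
rsyslog_log_files() {
    awk '
        $1 ~ /^#/ || $1 ~ /^\$/ || NF < 2 { next }  # comments, $directives, blanks
        {
            action = $2
            sub(/^-/, "", action)     # "-/var/log/maillog": leading "-" means no sync
            sub(/;.*/, "", action)    # drop a ";TemplateName" suffix
            if (action ~ /^\//) print action   # files only; skips *, @host, |pipe
        }
    ' "$1" | sort -u
}

# Print "FINDING <group> <file>" for every existing log file whose group-owner
# is not the expected group (default: root). Returns 1 if anything was found.
audit_log_group() {
    conf=$1 expected=${2:-root} rc=0
    files=$(rsyslog_log_files "$conf")
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        [ -e "$f" ] || { echo "MISSING $f"; continue; }
        grp=$(stat -c %G "$f")
        if [ "$grp" != "$expected" ]; then
            echo "FINDING $grp $f"
            rc=1
        fi
    done <<EOF
$files
EOF
    return $rc
}

# Constructed sample configuration (not from a real host); $1 is a scratch directory.
sample_conf() {
    cat <<EOF
# rsyslog.conf (constructed sample)
\$ModLoad imuxsock
*.info;mail.none    $1/messages
mail.*              -$1/maillog
*.emerg             *
*.*                 @@loghost.example:514
EOF
}

# Usage: sh audit.sh /etc/rsyslog.conf
if [ $# -gt 0 ]; then audit_log_group "$@"; fi
```

Each FINDING line still needs review before running chgrp, since files created by other programs may require exclusion as noted above.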

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2928

Comments