STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

DISA Rule

SV-238337r654186_rule

Vulnerability Number

V-238337

Group Title

SRG-OS-000205-GPOS-00083

Rule Version

UBTU-20-010416

Severity

CAT II

CCI(s)

• CCI-001312 - The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to set permissions of all log files under the "/var/log" directory to 640 or more restricted by using the following command:

$ sudo find /var/log -perm /137 -type f -exec chmod 640 '{}' \;

Check Contents

Verify the Ubuntu operating system has all system log files under the "/var/log" directory with a permission set to 640 or less permissive by using the following command:

$ sudo find /var/log -perm /137 -type f -exec stat -c "%n %a" {} \;

If the command displays any output, this is a finding.

Vulnerability Number

V-238337

Documentable

False

Rule Version

UBTU-20-010416

Severity Override Guidance

Verify the Ubuntu operating system has all system log files under the "/var/log" directory with a permission set to 640 or less permissive by using the following command:

$ sudo find /var/log -perm /137 -type f -exec stat -c "%n %a" {} \;

If the command displays any output, this is a finding.

Check Content Reference

M

Target Key

5318

Comments