CCE-55025-1Platform: cpe:/o:redhat:enterprise_linux:8,cpe:/o:redhat:enterprise_linux:9 | Date: (C)2024-01-08 (M)2024-01-28 |
Title:
Ensure journald default file permissions configured
Description:
Journald will create logfiles that do not already exist on the system. This setting controls
what permissions will be applied to these newly created files.
Rationale:
It is important to ensure that log files have the correct permissions to ensure that sensitive
data is archived and protected.
Audit:
First see if there is an override file /etc/tmpfiles.d/systemd.conf . If so, this file will
override all default settings as defined in /usr/lib/tmpfiles.d/systemd.conf and should
be inspected.
If there is no override file, inspect the default /usr/lib/tmpfiles.d/systemd.conf against
the site specific requirements.
Ensure that file permissions are 0640 .
Should a site policy dictate less re strictive permissions, ensure tofollow said policy.
NOTE: More restrictive permissions such as 0600 is implicitly sufficient.
Remediation:
If the default configuration is not appropriate for the site specific requirements, copy
/usr/lib/tmpfiles.d/system d.conf to /etc/tmpfiles.d/systemd.conf and modify as
required. Requirements is either 0640 or site policy if that is less restrictive.
Additional Information:
See man 5 tmpfiles.d for detailed information on the permission sets for the relevant log
files. Further information withexamples can be found at
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
Parameter:
[640]
Technical Mechanism:
Remediation:
If the default configuration is not appropriate for the site specific requirements, copy
/usr/lib/tmpfiles.d/system d.conf to /etc/tmpfiles.d/systemd.conf and modify as
required. Requirements is either 0640 or site policy if that is less restrictive.
Additional Information:
See man 5 tmpfiles.d for detailed information on the permission sets for the relevant log
files. Further information withexamples can be found at
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.8 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:96264 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97251 |