Description: rsyslog will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files. Rationale: It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. Audit: Run the following command and verify that $FileCreateMode is 0640 or more restrictive: # grep ^$FileCreateMode /etc/rsyslog.conf /etc/rsyslog.d/*.conf Remediation: Edit the /etc/rsyslog.conf and /etc/rsyslog.d/*.conf files and set $FileCreateMode to 0640 or more restrictive: $FileCreateMode 0640 Notes: You should also ensure this is not overridden with less restrictive settings in any /etc/rsyslog.d/* conf file.

[0640]

Edit the /etc/rsyslog.conf and /etc/rsyslog.d/*.conf files and set $FileCreateMode to 0640 or more restrictive: $FileCreateMode 0640