Title: Ensure journald default file permissions configured Description: Journald will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files. Rationale: It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. Audit: First see if there is an override file /etc/tmpfiles.d/systemd.conf . If so, this file will override all default settings as defined in /usr/lib/tmpfiles.d/systemd.conf and should be inspected. If there is no override file, inspect the default /usr/lib/tmpfiles.d/systemd.conf against the site specific requirements. Ensure that file permissions are 0640 . Should a site policy dictate less re strictive permissions, ensure tofollow said policy. NOTE: More restrictive permissions such as 0600 is implicitly sufficient. Remediation: If the default configuration is not appropriate for the site specific requirements, copy /usr/lib/tmpfiles.d/system d.conf to /etc/tmpfiles.d/systemd.conf and modify as required. Requirements is either 0640 or site policy if that is less restrictive. Additional Information: See man 5 tmpfiles.d for detailed information on the permission sets for the relevant log files. Further information withexamples can be found at https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

[640]

Remediation: If the default configuration is not appropriate for the site specific requirements, copy /usr/lib/tmpfiles.d/system d.conf to /etc/tmpfiles.d/systemd.conf and modify as required. Requirements is either 0640 or site policy if that is less restrictive. Additional Information: See man 5 tmpfiles.d for detailed information on the permission sets for the relevant log files. Further information withexamples can be found at https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html