Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-226493 | GEN001260 | SV-226493r505925_rule | Medium |
Description |
---|
If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value. |
STIG | Date |
---|---|
Solaris 10 SPARC Security Technical Implementation Guide | 2020-09-04 |
Check Text ( C-28654r482864_chk ) |
---|
Check the mode of log file hierarchies. Procedure: # ls -lLRa /var/log /var/adm If any of the log files or their directories have modes more permissive than "0640", and these are not documented, this is a finding. |
Fix Text (F-28642r482865_fix) |
---|
Change the mode of the system log file(s) to 0640 or less permissive. Procedure: # chmod "0640" /path/to/system-log-file NOTE: Do not confuse system log files with audit logs. Any subsystems that require less stringent permissions must be documented. |