NixOS systemd-journald directory must have a mode of 2755 or less permissive.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-268117 | ANIX-00-000590 | SV-268117r1131034_rule | CCI-000162 | medium |
| Description | ||||
| Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit NixOS system activity. | ||||
| STIG | Date | |||
| Anduril NixOS Security Technical Implementation Guide | 2025-08-19 | |||
Details
Check Text (C-268117r1131034_chk)
Verify NixOS protects log information from unauthorized read access by implementing a mode of 2755 or less on the creation of log directories with the following command:
$ sudo find /var/log/journal -type d -perm -2755 -not -perm 2755 -printf "%p %m\n"
If any directories have a permission of greater than 2755, this is a finding.
Fix Text (F-71944r1131033_fix)
The systemd-journald directories are by design set to 2755 mode.
If any directories are found with incorrect perms, correct them with the following command:
$ sudo find /var/log/journal -type d -exec chmod 2755 {} \;