1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
|
documentation_complete: true
title: 'Verify Permissions on lastlog Command'
description: |-
{{{ describe_file_permissions(file="/usr/bin/lastlog", perms="0750") }}}
rationale: |-
Unauthorized disclosure of the contents of the /var/log/lastlog file can reveal system data to
attackers, thus compromising its confidentiality.
severity: medium
references:
nist: SI-11(b),SI-11(c),SI-11.1(iv)
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-020262
ocil_clause: '{{{ ocil_clause_file_permissions(file="/usr/bin/lastlog", perms="-rwxr-x---") }}}'
ocil: |-
{{{ ocil_file_permissions(file="/usr/bin/lastlog", perms="-rwxr-x---") }}}
fixtext: '{{{ fixtext_directory_permissions(file="/usr/bin/lastlog/", mode="0750") }}}'
srg_requirement: '{{{ srg_requirement_directory_permission(file="/usr/bin/lastlog", mode="0750") }}}'
template:
name: file_permissions
vars:
filepath: /usr/bin/lastlog
filemode: '0750'
|