1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
documentation_complete: true
title: 'Verify owner of system journal directories'
description: |-
Verify the /run/log/journal and /var/log/journal directories are owned by
"root" by using the following command:
<pre>
$ sudo find /run/log/journal /var/log/journal -type d -exec stat -c "%n %U" {} \;
</pre>
If any output returned is not owned by "root", this is a finding.
rationale: |-
Only authorized personnel should be aware of errors and the details of the errors.
Error messages are an indicator of an organization's operational state or can identify
the operating system or platform. Additionally, personally identifiable information
(PII) and operational information must not be revealed through error messages to
unauthorized personnel or their designated representatives.
severity: medium
fixtext: |
Configure the system to set the appropriate ownership to the directories
used by the systemd journal. Add or modify the following lines in the
"/usr/lib/tmpfiles.d/systemd.conf" file:
<pre>
z /run/log/journal 2640 root systemd-journal - -
z /var/log/journal 2640 root systemd-journal - -
</pre>
Restart the system for the changes to take effect.
template:
name: file_owner
vars:
filepath:
- /run/log/journal/
- /var/log/journal/
recursive: 'true'
uid_or_name: '0'
|
