====== 4.2.1.3 Ensure rsyslog default file permissions configured (Scored) ======

=====Profile Applicability=====

  * Level 1 - Server
  * Level 1 - Workstation

=====Description=====

''rsyslog'' will create log files that do not already exist on the system. This setting controls what permissions will be applied to these newly created files.

=====Rationale=====

Log files must have the correct permissions so that the sensitive data they contain is archived and protected.

=====Audit=====

Run the following command and verify that ''$FileCreateMode'' is ''0640'' or more restrictive:

  # grep ^\$FileCreateMode /etc/rsyslog.conf

=====Remediation=====

Edit ''/etc/rsyslog.conf'' and set ''$FileCreateMode'' to ''0640'' or more restrictive:

  $FileCreateMode 0640

=====References=====

See the ''rsyslog.conf(5)'' man page for more information.

=====Notes=====

You should also ensure this is not overridden with less restrictive settings in any ''/etc/rsyslog.d/*'' conf file.
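
The audit and the note about ''/etc/rsyslog.d/*'' can be combined into one check. The script below is an added example, not part of the benchmark text: the function names ''mode_ok'' and ''audit_filecreatemode'' and the sample files are constructed for illustration, and it assumes only the legacy ''$FileCreateMode'' directive form shown above is in use.

```shell
#!/bin/sh
# Added example (not CIS benchmark text): audit every legacy $FileCreateMode
# directive in the files given as arguments.

# Return 0 if octal mode $1 grants nothing beyond 0640 (rw-r-----).
mode_ok() {
    case "$1" in
        ''|*[!0-7]*) return 1 ;;   # empty or not an octal number
    esac
    # 07137 = every permission and special bit that 0640 does not contain;
    # any overlap means the mode is less restrictive than 0640.
    [ $(( 0$1 & 07137 )) -eq 0 ]
}

# Print PASS/FAIL per directive. Return 0 only if at least one directive
# exists and every occurrence is 0640 or more restrictive.
audit_filecreatemode() {
    found=0 rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue    # unmatched glob or unreadable file
        # Same anchor as the audit grep; "-" marks a directive with no value.
        for mode in $(awk '/^[$]FileCreateMode/ { print ($2 == "" ? "-" : $2) }' "$f"); do
            found=1
            if mode_ok "$mode"; then
                echo "PASS $f: $mode"
            else
                echo "FAIL $f: $mode"; rc=1
            fi
        done
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no \$FileCreateMode directive found"; return 1
    fi
    return "$rc"
}

# Constructed sample files (not real system config) so the script runs offline.
demo=$(mktemp -d)
mkdir "$demo/rsyslog.d"
printf '%s\n' '$FileCreateMode 0640' '*.* /var/log/messages' > "$demo/rsyslog.conf"
printf '%s\n' '$FileCreateMode 0644' > "$demo/rsyslog.d/50-override.conf"
audit_filecreatemode "$demo/rsyslog.conf" "$demo"/rsyslog.d/*.conf \
    || echo "RESULT: non-compliant (override in rsyslog.d is too permissive)"
rm -rf "$demo"
```

On a real host, call ''audit_filecreatemode /etc/rsyslog.conf /etc/rsyslog.d/*.conf'' instead of the sample files. The bitmask test treats modes such as ''0600'' or ''0440'' as compliant and flags ''0644'', ''0660'' and any mode with setuid, setgid or sticky bits.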