====== 4.2.4 Ensure permissions on all logfiles are configured (Scored) ======
=====Profile Applicability=====  
<code>
Level 1 - Server 
Level 1 - Workstation
</code>
=====Description=====
Log files stored in ''/var/log/'' contain logged information from many services on the system, or on log hosts others as well.
=====Rationale=====
It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected.
=====Audit===== 
Run the following command and verify that other has no permissions on any files and group does not have write or execute permissions on any files:
<Code:bash>
# find /var/log -type f -ls
</Code>
=====Remediation===== 
Run the following command to set permissions on all existing log files:
<Code:bash>
# chmod -R g-wx,o-rwx /var/log/*
</Code>
=====Notes=====
You may also need to change the configuration for your logging software or services for any logs that had incorrect permissions.