4.2.1.3 Ensure rsyslog default file permissions configured (Scored)

Level 1 - Server 
Level 1 - Workstation

Description

rsyslog will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files.

It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected.

Run the following command and verify that $FileCreateMode is 0640 or more restrictive:

# grep ^\$FileCreateMode /etc/rsyslog.conf

Edit the /etc/rsyslog.conf and set $FileCreateMode to 0640 or more restrictive:

$FileCreateMode 0640

See the rsyslog.conf(5) man page for more information.

You should also ensure this is not overridden with less restrictive settings in any /etc/rsyslog.d/* conf file.

4.2.1.3 Ensure rsyslog default file permissions configured (Scored)

Profile Applicability

Description

Rationale

Audit

Remediation

References

Notes

SecScan