4.2.2.3 Ensure syslog-ng default file permissions configured (Scored)
Profile Applicability
Level 1 - Server Level 1 - Workstation
Description
syslog-ng will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files.
Rationale
It is important to ensure that log files exist and have the correct permissions to ensure that sensitive syslog-ng data is archived and protected.
Audit
Run the following command and verify the perm option is 0640 or more restrictive:
# grep ^options /etc/syslog-ng/syslog-ng.conf
options { chain_hostnames(off); flush_lines(0); perm(0640); stats_freq(3600);
threaded(yes); };
Remediation
Edit the /etc/syslog-ng/syslog-ng.conf and set perm option to 0640 or more restrictive:
options { chain_hostnames(off); flush_lines(0); perm(0640); stats_freq(3600); threaded(yes); };
References
See the syslog-ng man pages for more information.