STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

System log files must have mode 0640 or less permissive.

DISA Rule

SV-226493r603265_rule

Vulnerability Number

V-226493

Group Title

SRG-OS-000206

Rule Version

GEN001260

Severity

CAT II

CCI(s)

• CCI-001314 - The information system reveals error messages only to organization-defined personnel or roles.

Weight

10

Fix Recommendation

Change the mode of the system log file(s) to 0640 or less permissive.

Procedure:
# chmod "0640" /path/to/system-log-file

NOTE: Do not confuse system log files with audit logs. Any subsystems that require less stringent permissions must be documented.

Check Contents

Check the mode of log file hierarchies.

Procedure:
# ls -lLRa /var/log /var/adm

If any of the log files or their directories have modes more permissive than "0640", and these are not documented, this is a finding.

Vulnerability Number

V-226493

Documentable

False

Rule Version

GEN001260

Severity Override Guidance

Check the mode of log file hierarchies.

Procedure:
# ls -lLRa /var/log /var/adm

If any of the log files or their directories have modes more permissive than "0640", and these are not documented, this is a finding.

Check Content Reference

M

Target Key

4060

Comments