
The tasks for handling auditd log permissions incorrectly set all log files in /var/log/audit to 0400, which prevents auditd from writing to the active log file. This prevents auditd from starting and restarting.

The task now removes any permissions explicitly disallowed by V-38498. Any files meeting/exceeding the STIG requirements will not be modified.

Closes-bug: 1584942
Change-Id: I1bb2b91ae8a78b1f0304bd4ce0f9a774d65245bd
Ubuntu and CentOS set the current audit log (the one that is actively being written to) to 0600 so that only the root user can read and write to it. The older, rotated logs are set to 0400 since they should not receive any more writes.

The STIG requirement states that log files must have mode 0640 or less. The security role will remove any permissions that are not allowed by the STIG (u-x,g-wx,o-rwx).
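The effect of that symbolic mode on files with different starting permissions, shown as an added example that is not part of the security role's own code. The temporary files and the helper names stig_fix_mode, mode_of and mode_after_fix are constructed for illustration.

```shell
#!/bin/sh
# Added example: operates on constructed files in a temp directory,
# never on the real /var/log/audit.

# Strip only the bits the STIG forbids; a subtractive mode never adds a permission.
stig_fix_mode() {
    chmod u-x,g-wx,o-rwx "$1"
}

# Print the octal mode of a file (GNU stat, falling back to BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file with the given starting mode, apply the fix,
# and print the resulting mode. Runs in a subshell to keep variables local.
mode_after_fix() (
    dir=$(mktemp -d) || exit 1
    file="$dir/audit.log"
    : > "$file"
    chmod "$1" "$file"
    stig_fix_mode "$file"
    result=$(mode_of "$file")
    rm -rf "$dir"
    printf '%s\n' "$result"
)

# 0600 (active log) and 0400 (rotated log) already satisfy "0640 or less"
# and must come out unchanged; the remaining modes are too permissive.
for m in 0600 0400 0640 0644 0755 0666; do
    printf '%s -> %s\n' "$m" "$(mode_after_fix "$m")"
done
```

A file that starts at 0600 stays writable by root, which is what lets auditd keep writing to the active log, while anything broader than 0640 is reduced to 0640.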