Usg fix for CIS of logfiles permissions are not persistent
Bug #1965164 reported by
Guilherme T Maeoka
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu Security Guide |
Opinion
|
Undecided
|
David Fernandez Gonzalez | ||
Bug Description
The audit of CIS 4.2.3 "Ensure permissions on all logfiles are configured" still fails after a usg fix of CIS level 1 workstation on Ubuntu 20.04 LTS. It looks like the permissions are not persistent after a reboot.
Adding "create 0640 root root" to the config files in /etc/logrotate.d/ didn't persist as well.
| Changed in ubuntu-security-certifications: | |
| status: | New → In Progress |
| status: | In Progress → Incomplete |
| status: | Incomplete → In Progress |
Revision history for this message
| Adam Bell (arbell) wrote | #1 |
Revision history for this message
| Guilherme T Maeoka (tummy-procedure) wrote | #2 |
| affects: | ubuntu-security-certifications → usg |
| Changed in usg: | |
| assignee: | nobody → David Fernandez Gonzalez (litios) |
Revision history for this message
| David Fernandez Gonzalez (litios) wrote | #3 |
| Changed in usg: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Eduardo Barretto (ebarretto) wrote | #5 |
| Changed in usg: | |
| status: | Fix Committed → In Progress |
| status: | In Progress → Invalid |
| status: | Invalid → Opinion |
To post a comment you must log in.
Hi Guilherme,
Thank you for reporting this!
I've been able to verify that this rule leaves permissions in /var/log/ as-is during hardening (which can be less-restrictive than 0640).
With the non-persistence on your system, does your system revert permissions if you manually `chmod` files in /var/log/ ?
Respectfully,
Adam