iCompaas Support

Profile Applicability:
Level 1

Description:
 Logfiles contain sensitive system and security information. Proper access permissions on logfiles prevent unauthorized users from viewing or modifying log data, which is essential for maintaining log integrity and confidentiality.

Rationale:
 Configuring appropriate access controls on logfiles ensures that only authorized personnel can access or modify logs, protecting against tampering and information disclosure.

Impact:
 Pros:

• Protects log confidentiality and integrity.
  

• Supports forensic investigations and compliance requirements.
  

Cons:

• Misconfigured permissions may restrict necessary access or complicate log management.
  

Default Value:
 Logfiles may have default permissions that are too permissive in some environments.

Pre-requisites:

• Root or sudo privileges to modify file permissions.
  

Remediation:

Test Plan:

Using Linux command line:

1. Identify critical logfiles and check their permissions:

   ls -l /var/log/

2. Verify that permissions are set to restrict access appropriately (e.g., 640 or stricter) and ownership is assigned to root or appropriate service users.
   

Implementation Plan:

Using Linux command line:

1. Set permissions and ownership on logfiles:

   chmod 640 /var/log/<logfile>
   chown root:adm /var/log/<logfile>

2.  Apply changes recursively if necessary:

   chmod -R 640 /var/log/
   chown -R root:adm /var/log/

3. Verify updated permissions:

   ls -l /var/log/

   
   

Backout Plan:

Using Linux command line:

1. Restore previous permissions and ownership if needed:

   chmod <previous_permissions> /var/log/<logfile>
   chown <previous_owner>:<previous_group> /var/log/<logfile>

2. Verify restored settings.
   

References:

• CIS Amazon Linux 2 Benchmark v3.0.0
  

• Linux File Permissions
  

• NIST SP 800-53 Revision 5 - SI-4