Title

NixOS systemd-journald directory must have a mode of 2755 or less permissive. (Cat II impact)

Discussion

Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit NixOS system activity.

Check Content

Verify NixOS protects log information from unauthorized read access by implementing a mode of 2755 or less on the creation of log directories with the following command: $ sudo find /var/log/journal -type d -perm -2755 -not -perm 2755 -printf "%p %m\n" If any directories have a permission of greater than 2755, this is a finding.

Fix Text

The systemd-journald directories are by design set to 2755 mode. If any directories are found with incorrect perms, correct them with the following command: $ sudo find /var/log/journal -type d -exec chmod 2755 {} \;

Additional Identifiers

Rule ID: SV-268117r1131034_rule

Vulnerability ID: V-268117

Group Title: SRG-OS-000057-GPOS-00027

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.