Check: ESX0430
VMware ESX 3 Server: ESX0430 (in version v1 r2)
Title
Log file permissions have not been configured to restrict unauthorized users (Cat II impact)
Discussion
It is critical to protect system log files from being modified or accessed by unauthorized individuals. Some logs may contain sensitive data that should only be available to the virtualization server administrator.
Check Content
On the ESX Server service console review the following log file permissions. For each file or folder perform the following:

    # ls -lL /var/log

OR

    # ls -lL /var/log/(directory)

Log Location | Permission |
---|---|
/var/log/boot.log | 600 |
/var/log/cron | 600 |
/var/log/dmesg | 640 |
/var/log/initrdlogs/ | 600 |
/var/log/ksyms | 600 |
/var/log/maillog | 600 |
/var/log/messages | 600 |
/var/log/oldconf/ | 700 |
/var/log/rpmpkgs | 600 |
/var/log/secure | 600 |
/var/log/spooler | 600 |
/var/log/storageMonitor | 600 |
/var/log/sudolog | 600 |
/var/log/vmkernel | 600 |
/var/log/vmkproxy | 600 |
/var/log/vmksummary | 600 |
/var/log/vmksummary.d/ | 600 |
/var/log/vmkwarning | 600 |
/var/log/vmware/ | 700 |

If any of the directories or files do not match the table above, this is a finding.
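The manual comparison above can be scripted. The following is an added example, not part of the STIG text: the function name `check_esx0430`, the variable `ESX0430_FINDINGS` and the optional root argument are hypothetical, and it assumes GNU `stat` is available on the console.

```shell
#!/bin/sh
# Added example: compare log permissions with the ESX0430 table.
# Entries are relative to /var/log; modes are copied from the check content.
EXPECTED='boot.log 600
cron 600
dmesg 640
initrdlogs 600
ksyms 600
maillog 600
messages 600
oldconf 700
rpmpkgs 600
secure 600
spooler 600
storageMonitor 600
sudolog 600
vmkernel 600
vmkproxy 600
vmksummary 600
vmksummary.d 600
vmkwarning 600
vmware 700'

# check_esx0430 [root]  (hypothetical helper; root defaults to /var/log)
# Prints one line per entry, sets ESX0430_FINDINGS, returns 1 on any finding.
check_esx0430() {
    root=${1:-/var/log}
    ESX0430_FINDINGS=0
    while read -r name want; do
        path="$root/$name"
        if [ ! -e "$path" ]; then
            # Assumption: an absent log is reported but not counted as a finding.
            echo "ABSENT   $path (expected $want)"
            continue
        fi
        # -L follows symlinks, matching the "ls -lL" used in the manual check.
        have=$(stat -L -c '%a' "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $path $have"
        else
            echo "FINDING  $path is $have, expected $want"
            ESX0430_FINDINGS=$((ESX0430_FINDINGS + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$ESX0430_FINDINGS" -eq 0 ]
}
```

Run `check_esx0430` with no argument as root to audit `/var/log`; the comparison is an exact mode match, as the check content requires.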
Fix Text
Restrict unauthorized users from log files.
Additional Identifiers
Rule ID: SV-16783r1_rule
Vulnerability ID: V-15842
Group Title: Log files are not restricted to unauthorized users
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |