Verify Permissions on files in the /var/log/apt/.* directory

Docs > Plateforme de sécurité Datadog > OOTB Rules > Verify Permissions on files in the /var/log/apt/.* directory

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

To properly set the permissions of /var/log/apt/.*, run the command:

$ sudo chmod 0644 /var/log/apt/.*

Rationale

The /var/log/apt directory contains information about APT and should only be accessed by authorized personnel.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

find -L /var/log/apt/ -maxdepth 1 -perm /u+xs,g+xws,o+xwt  -type f -regextype posix-extended -regex '^.*$' -exec chmod u-xs,g-xws,o-xwt {} \;

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Find /var/log/apt/ file(s)
  command: find -L /var/log/apt/ -maxdepth 1 -perm /u+xs,g+xws,o+xwt  -type f -regextype
    posix-extended -regex "^.*$"
  register: files_found
  changed_when: false
  failed_when: false
  check_mode: false
  tags:
  - configure_strategy
  - file_permissions_var_log_apt
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Set permissions for /var/log/apt/ file(s)
  file:
    path: '{{ item }}'
    mode: u-xs,g-xws,o-xwt
    state: file
  with_items:
  - '{{ files_found.stdout_lines }}'
  tags:
  - configure_strategy
  - file_permissions_var_log_apt
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed