Verify User Who Owns /var/log/syslog File
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Description
To properly set the owner of /var/log/syslog, run the command:
$ sudo chown syslog /var/log/syslog
Rationale
The /var/log/syslog file contains logs of error messages in
the system and should only be accessed by authorized personnel.
Ansible playbook
The following playbook can be run with Ansible to remediate the issue.
- name: Gather the package facts
package_facts:
manager: auto
tags:
- DISA-STIG-UBTU-20-010421
- configure_strategy
- file_owner_var_log_syslog
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- name: Check that the syslog user is defined
getent:
database: passwd
key: syslog
ignore_errors: true
when: '"rsyslog" in ansible_facts.packages'
tags:
- DISA-STIG-UBTU-20-010421
- configure_strategy
- file_owner_var_log_syslog
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- name: Set the file_owner_var_log_syslog_newown variable if syslog found
set_fact:
file_owner_var_log_syslog_newown: syslog
when:
- '"rsyslog" in ansible_facts.packages'
- ansible_facts.getent_passwd["syslog"] is defined
tags:
- DISA-STIG-UBTU-20-010421
- configure_strategy
- file_owner_var_log_syslog
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- name: Test for existence /var/log/syslog
stat:
path: /var/log/syslog
register: file_exists
when: '"rsyslog" in ansible_facts.packages'
tags:
- DISA-STIG-UBTU-20-010421
- configure_strategy
- file_owner_var_log_syslog
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- name: Ensure owner on /var/log/syslog
file:
path: /var/log/syslog
owner: '{{ file_owner_var_log_syslog_newown }}'
when:
- '"rsyslog" in ansible_facts.packages'
- file_exists.stat is defined and file_exists.stat.exists
tags:
- DISA-STIG-UBTU-20-010421
- configure_strategy
- file_owner_var_log_syslog
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
