---
title: Verify Permissions on files in the /var/log/apt/.* directory
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Verify Permissions on files in the
  /var/log/apt/.* directory
---

# Verify Permissions on files in the /var/log/apt/.* directory
 
## Description{% #description %}

To properly set the permissions of `/var/log/apt/.*`, run the command:

```gdscript3
$ sudo chmod 0644 /var/log/apt/.*
```

## Rationale{% #rationale %}

The `/var/log/apt` directory contains information about APT and should only be accessed by authorized personnel.

## Remediation{% #remediation %}

### Shell script{% #shell-script %}

The following script can be run on the host to remediate the issue.

```bash
#!/bin/bash

find -P /var/log/apt/ -maxdepth 1 -perm /u+xs,g+xws,o+xwt  -type f -regextype posix-extended -regex '^.*$' -exec chmod u-xs,g-xws,o-xwt {} \;
```

### Ansible playbook{% #ansible-playbook %}

The following playbook can be run with Ansible to remediate the issue.

```gdscript3
- name: Find /var/log/apt/ file(s)
  ansible.builtin.command: find -P /var/log/apt/ -maxdepth 1 -perm /u+xs,g+xws,o+xwt  -type
    f -regextype posix-extended -regex "^.*$"
  register: files_found
  changed_when: false
  failed_when: false
  check_mode: false
  tags:
  - configure_strategy
  - file_permissions_var_log_apt
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Set permissions for /var/log/apt/ file(s)
  ansible.builtin.file:
    path: '{{ item }}'
    mode: u-xs,g-xws,o-xwt
    state: file
  with_items:
  - '{{ files_found.stdout_lines }}'
  tags:
  - configure_strategy
  - file_permissions_var_log_apt
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
```