4.2.1.7 Ensure journald default file permissions configured
Audit#
First see if there is an override file /etc/tmpfiles.d/systemd.conf. If so, this file will override all default settings as defined in /usr/lib/tmpfiles.d/systemd.conf and should be inspected.
If there is no override file, inspect the default /usr/lib/tmpfiles.d/systemd.conf against the site specific requirements.
Ensure that file permissions are 0640.
Should a site policy dictate less restrictive permissions, ensure to follow said policy.
NOTE: More restrictive permissions such as 0600 is implicitly sufficient.
Remediation#
If the default configuration is not appropriate for the site specific requirements, copy /usr/lib/tmpfiles.d/systemd.conf to /etc/tmpfiles.d/systemd.conf and modify as required. Requirements is either 0640 or site policy if that is less restrictive.