Skip to content

4.2.1.7 Ensure journald default file permissions configured

Audit#

First see if there is an override file /etc/tmpfiles.d/systemd.conf. If so, this file will override all default settings as defined in /usr/lib/tmpfiles.d/systemd.conf and should be inspected.

If there is no override file, inspect the default /usr/lib/tmpfiles.d/systemd.conf against the site specific requirements.

Ensure that file permissions are 0640.

Should a site policy dictate less restrictive permissions, ensure to follow said policy.

NOTE: More restrictive permissions such as 0600 is implicitly sufficient.

Remediation#

If the default configuration is not appropriate for the site specific requirements, copy /usr/lib/tmpfiles.d/systemd.conf to /etc/tmpfiles.d/systemd.conf and modify as required. Requirements is either 0640 or site policy if that is less restrictive.