I am working on tightening the security for various servers (mainly Debian Linux), and one of the tasks is to tighten permissions on files in /var/log so that files are not world readable. But there seems to be a dearth of information on this online.

I'm wary of tightening permissions on log files that require world-readability (e.g. /var/log/wtmp) or are created by applications that may change the permissions back.

I'm also wary of wasting my time on what seem to be negligible-risk logs, like dpkg.log or files in /var/log/installer.

Are there good references online for what the permissions of various log files on Linux (if not specifically Debian) systems should be?

Rob
  • Depending on the risks you've identified you may want to simply remove the logs completely and store them on a remote syslog server. – HBruijn Nov 22 '13 at 12:36
  • @HBruijn Not every application supports remote syslogs. Hence my query. – Rob Nov 22 '13 at 13:49
  • You should not just change permissions, but use something which will make sure they will stay that way. Enter Chef, Puppet or some similar configuration management tool. –  Nov 22 '13 at 15:40
  • @SamiLaine Yes, I am using Puppet. But I need to know WHAT the permissions should be, or what I can change, before using it. – Rob Nov 22 '13 at 15:53
  • As pointed out above, most of the risks should be confronted by redirecting relevant things to a remote server and/or eliminating any software, pardon my French, broken enough not to use syslog(3) and thus be unable to benefit from syslog redirection. –  Nov 22 '13 at 17:42
  • Redirecting logs to another server, or using Puppet/Chef/Ansible/etc to configure permissions, is orthogonal to my question. – Rob Nov 22 '13 at 17:48

0 Answers