Audit log file perms
John C. A. Bambenek, GCIH, CISSP
bambenek.infosec at gmail.com
Wed Aug 21 19:34:36 UTC 2013
Files have right permissions but the directory itself keeps reverting to
root:root and 700.
On Thursday, August 1, 2013, Steve Grubb wrote:
> On Thursday, August 01, 2013 12:34:20 PM John Bambenek wrote:
> > What controls that?
>
> The audit daemon.
>
> > I have noticed /var/log/audit directory changes to a
> > default setting quickly and file rotation resets it as well.
>
> It defaults to 0600 unless you have set something for log_group and in that
> case you get 0640. Rotation is done using the rename syscall, so no
> permissions should be changing. Logs are created as 0640 root, root. But
> get
> modified as the audit daemon gets more of its configuration parsed.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com <javascript:;>
> https://www.redhat.com/mailman/listinfo/linux-audit
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20130821/4bfc4225/attachment.htm>
More information about the Linux-audit
mailing list