Set permission on dmesg, wtmp log files
As part the hardening process I set certain logs files to 600, all works fine for the usual suspects, cron, secure, kern.log etc.
However when setting the dmesg log file to 600, after every reboot it gets set back to 644, I understand that this log gets re-created after every boot, so where can I set it permanently? Logrotate doesn't seem to fit this use case.
I also have the same issue for wtmp, I did set this to 600 in logrotate, it was already configured at 644, so I changed, after reboot it backs at 644.
/var/log/wtmp {
monthly
create 0600 root utmp
minsize 1M
rotate 1
}
