Is there a way to change the permissions to the /var/log/sa/sa* files?

Solution Unverified - Updated -

Issue

The CIS-CAT tool (Security Configuration Assessment Report CIS Red Hat Enterprise Linux 5 Benchmark v1.1.0.11) notes that the access to files located in /var/log/sa should be changed that only root have access to them.

458867 264 -rw-r--r-- 1 root root 265200 Sep 1 23:50 sa/sa01
458869 264 -rw-r--r-- 1 root root 265200 Sep 2 23:50 sa/sa02
458882 264 -rw-r--r-- 1 root root 265200 Sep 3 23:50 sa/sa03
458865 304 -rw-r--r-- 1 root root 304864 Sep 1 23:53 sa/sar01
458871 304 -rw-r--r-- 1 root root 304864 Sep 2 23:53 sa/sar02
458881 304 -rw-r--r-- 1 root root 304864 Sep 3 23:53 sa/sar03

The command used to search file that are not compliant with the rule is:

cd /var/log;for f in boot.log* cron* dmesg ksyms* httpd/* maillog* messages* news/* pgsql rpmpkgs* samba/* sa/* scrollkeeper.log secure* spooler* squid/* vbox/* utmp; do find $f -maxdepth 0 -perm /o=rwx -ls 2>/dev/null; done

Is there an easy way configure sar to write this files unreadable for others?

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content