The operating system must reveal error messages only to authorized personnel.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-216439 | SRG-OS-000206 | SOL-11.1-070240 | SV-216439r958566_rule | 2024-11-25 | 3 |
| Description |
|---|
| Proper file permissions and ownership ensures that only designated personnel in the organization can access error messages. |
| ℹ️ Check |
|---|
| Check the permissions of the /var/adm/messages file: # ls -l /var/adm/messages Check the permissions of the /var/adm directory: # ls -ld /var/adm If the owner and group of /var/adm/messages is not root and the permissions are not 640, this is a finding. If the owner of /var/adm is not root, group is not sys, and the permissions are not 750, this is a finding. |
| ✔️ Fix |
|---|
| The root role is required. Change the permissions and owner on the /var/adm/messages file: # chmod 640 /var/adm/messages # chown root /var/adm/messages # chgrp root /var/adm/messages Change the permissions and owner on the /var/adm directory: # chmod 750 /var/adm # chown root /var/adm # chgrp sys /var/adm |