Showing results for 
Search instead for 
Did you mean: 

server hardening

robert mead_1
Occasional Contributor

server hardening

one of the parameters we set for hardening is setting log permission to 600 vs 644. when we reboot the system the permission changes back to 644. is there a command to prevent the default configuration from restoring and using the hardening configuration?
James R. Ferguson
Acclaimed Contributor

Re: server hardening

Hi Robert:

Some of the standard log files (e.g. '/var/adm/syslog/syslog.log') are renamed and a new file created during normal 'startup'. In the particular case of this file, the 'umask' is set to 022 before creation of the new file, leaving the final permissions of 644.


Deepak Kr
Respected Contributor

Re: server hardening

hi robert,

can you specify files here.

rc.log and syslog.log are recreated after each reboot.

apart from umask You can also set it using any startup script for permissions here

"There is always some scope for improvement"