e57593dfd4
With the upcoming changes to rebase onto the RHEL 7 STIG controls, there needs to be a new solution for documentation that is easier to manage and filter. This patch automates the generation of the STIG control documentation in the following way: * A Sphinx extension runs early in the doc build process that writes all of the individual STIG control docs as well as ToC pages. * ToC pages are now sorted by severity, tag, and implementation status. * A giant listing of controls is easier to navigate now. * Docs are generated from metadata in the /doc/metadata directory. New documentation only needs to be added there. (Will explain this in the developer notes in a subsequent patch.) Implements: blueprint security-rhel7-stig Change-Id: I455af1121049f52193e98e2c9cb1ba5d4c292386
15 lines
473 B
ReStructuredText
15 lines
473 B
ReStructuredText
---
|
|
id: V-38498
|
|
status: implemented
|
|
tag: misc
|
|
---
|
|
|
|
Ubuntu and CentOS set the current audit log (the one that is actively being
|
|
written to) to ``0600`` so that only the root user can read and write to it.
|
|
The older, rotated logs are set to ``0400`` since they should not receive
|
|
any more writes.
|
|
|
|
The STIG requirement states that log files must have mode ``0640`` or less. The
|
|
security role will remove any permissions that are not allowed by the STIG
|
|
(``u-x,g-wx,o-rwx``).
|