tom-krieger / cis_security_hardening

Define a complete security baseline and monitor the baseline's rules. The definition of the baseline should be done in Hiera. The purpose of the module is to give the ability to set up a complete security baseline which does not necessarily have to stick to industry security guides like the CIS benchmarks.
Apache License 2.0

Permissions of /var/log/apt/eipp.log.xz #82

Open opentokix opened 6 months ago

opentokix commented 6 months ago

This file is under /var/log and is world-readable (and keeps getting changed back to world-readable), so this will generate endless changes for the Puppet runs when you enable

cis_security_hardening::rules::logfile_permissions::enforce: true

Non-world-readable generic logfiles are good for the benchmark, but this file needs to be ignored somehow.

See the answer on the Debian mailing list here

tom-krieger commented 5 months ago

Will check that.

tom-krieger commented 3 months ago

I currently use npwalker-recursive_file_permissions to set the permissions. This module has, as far as I know, no exclude lists or something similar. Maybe I can write a PR for the module or use something different.
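
The exclude-list behaviour discussed in this thread, sketched as an added shell example; it is not code from cis_security_hardening or from npwalker-recursive_file_permissions. The function names `audit_log_perms` and `enforce_log_perms` and the glob-style exclude arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not part of the Puppet module).
# Audit and enforce "no permissions for other" on log files, with an
# exclude list so files that are deliberately left alone (such as the
# eipp.log.xz from this issue) do not cause a change on every run.

# audit_log_perms ROOT [EXCLUDE_GLOB ...]
# Prints each regular file under ROOT that grants read, write or execute
# to "other", unless its path matches one of the exclude globs.
# Limitation: file names containing newlines are not handled.
audit_log_perms() {
    root=$1
    shift
    find "$root" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
    while IFS= read -r f; do
        skip=0
        for pat in "$@"; do
            # Unquoted $pat is matched as a shell glob; '*' also spans '/'.
            case $f in
                $pat) skip=1; break ;;
            esac
        done
        if [ "$skip" -eq 0 ]; then
            printf '%s\n' "$f"
        fi
    done
}

# enforce_log_perms ROOT [EXCLUDE_GLOB ...]
# Removes all "other" permissions from every file the audit reports.
# Excluded files are never touched, so a second run reports nothing.
enforce_log_perms() {
    audit_log_perms "$@" |
    while IFS= read -r f; do
        chmod o-rwx "$f"
    done
}

# Example invocation (run as root on a real system):
#   audit_log_perms /var/log '*/apt/eipp.log.xz'
#   enforce_log_perms /var/log '*/apt/eipp.log.xz'
```

Running the audit without exclude globs still reports the excluded file, which makes the exception visible to a reviewer.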