e124b39a80
Ubuntu's default (0400) is more strict than the STIG requirement (0640). (Noted in docs) Change-Id: I198cd6b4d5eac181e22f11c452247d6abacc2d85
8 lines
378 B
ReStructuredText
8 lines
378 B
ReStructuredText
Ubuntu 14.04 sets logs in ``/var/log/audit`` to mode ``0400`` by default,
|
|
which makes sense because only the root user should be able to view the
|
|
logs. No users should ever be adjusting or editing the audit logs.
|
|
|
|
The STIG requirement states that log files must have mode ``0640`` or less.
|
|
The Ansible tasks in this role will set the mode to ``0400`` to match
|
|
Ubuntu's default.
|