Fix excluded_files and recursive for UBTU-20-010416

The STIG for UBTU-20-010416 specifies the need to exclude b/wtmp and lastlog files. Additionally, all logs under /var/log should have the intended permissions being at least 0640 or less permissive.
rumch-se · Sep 8, 2023 · cf85f18 · cf85f18
1 parent c382b19
commit cf85f18
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 14 deletions.
diff --git a/linux_os/guide/system/permissions/files/permissions_local_var_log/bash/ubuntu.sh b/linux_os/guide/system/permissions/files/permissions_local_var_log/bash/ubuntu.sh
diff --git a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
@@ -56,8 +56,12 @@ template:
     name: file_permissions
     vars:
         excluded_files@sle15: ['*[bw]tmp', '*lastlog']
+        excluded_files@ubuntu2004: ['history.log', 'eipp.log.xz', '*[bw]tmp', '*lastlog']
+        excluded_files@ubuntu2204: ['history.log', 'eipp.log.xz', '*[bw]tmp', '*lastlog']
         file_regex: '.*'
         filemode: '0640'
         filepath: /var/log/
         recursive@sle12: 'true'
         recursive@sle15: 'true'
+        recursive@ubuntu2004: 'true'
+        recursive@ubuntu2204: 'true'