STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-001314

Definition

Reveal error messages only to organization-defined personnel or roles.

Parent Control

SI-11: Error Handling (System and Information Integrity)

Linked STIG Checks (200)

ID | Severity | Requirement | STIG
V-237058 | CAT II | The A10 Networks ADC must reveal error messages only to authorized individuals (ISSO, ISSM, and SA). | A10 Networks ADC ALG Security Technical Implementation Guide
V-255601 | CAT II | The A10 Networks ADC must reveal error messages only to authorized individuals (ISSO, ISSM, and SA). | A10 Networks ADC NDM Security Technical Implementation Guide
V-279036 | CAT II | The ColdFusion log information must be protected from any type of unauthorized read access by having file ownership set properly. | Adobe ColdFusion Security Technical Implementation Guide
V-279072 | CAT II | The ColdFusion error messages must be restricted to only authorized users. | Adobe ColdFusion Security Technical Implementation Guide
V-76453 | CAT I | Kona Site Defender must reveal error messages only to the ISSO, ISSM, and SCA. | Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide
V-274108 | CAT II | Amazon Linux 2023 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. | Amazon Linux 2023 Security Technical Implementation Guide
V-274109 | CAT II | Amazon Linux 2023 audit log directory must be owned by root to prevent unauthorized read access. | Amazon Linux 2023 Security Technical Implementation Guide
V-274110 | CAT II | Amazon Linux 2023 audit logs file must have mode "0600" or less permissive to prevent unauthorized access to the audit log. | Amazon Linux 2023 Security Technical Implementation Guide
V-274116 | CAT II | Amazon Linux 2023 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. | Amazon Linux 2023 Security Technical Implementation Guide
V-274117 | CAT II | Amazon Linux 2023 must ensure the audit log directory be owned by root to prevent unauthorized read access. | Amazon Linux 2023 Security Technical Implementation Guide
V-274125 | CAT II | Amazon Linux 2023 must ensure the /var/log directory have mode "0755" or less permissive. | Amazon Linux 2023 Security Technical Implementation Guide
V-274126 | CAT II | Amazon Linux 2023 must ensure the /var/log directory be owned by root. | Amazon Linux 2023 Security Technical Implementation Guide
V-274127 | CAT II | Amazon Linux 2023 must ensure the /var/log directory be group-owned by root. | Amazon Linux 2023 Security Technical Implementation Guide
V-274128 | CAT II | Amazon Linux 2023 must ensure the /var/log/messages file have mode "0640" or less permissive. | Amazon Linux 2023 Security Technical Implementation Guide
V-274129 | CAT II | Amazon Linux 2023 must ensure the /var/log/messages file be group-owned by root. | Amazon Linux 2023 Security Technical Implementation Guide
V-274130 | CAT II | Amazon Linux 2023 must ensure the /var/log/messages file be owned by root. | Amazon Linux 2023 Security Technical Implementation Guide
V-268110 | CAT II | NixOS audit daemon must generate logs that are group-owned by root. | Anduril NixOS Security Technical Implementation Guide
V-268111 | CAT II | NixOS audit directory and logs must be owned by root to prevent unauthorized read access. | Anduril NixOS Security Technical Implementation Guide
V-268112 | CAT II | NixOS audit directory and logs must be group-owned by root to prevent unauthorized read access. | Anduril NixOS Security Technical Implementation Guide
V-268114 | CAT II | NixOS audit logs must have a mode of 0600 or less permissive. | Anduril NixOS Security Technical Implementation Guide
V-268115 | CAT II | NixOS journald directory and logs must be owned by root to prevent unauthorized read access. | Anduril NixOS Security Technical Implementation Guide
V-268116 | CAT II | NixOS journald directory and logs must be group-owned by systemd-journald to prevent unauthorized read access. | Anduril NixOS Security Technical Implementation Guide
V-222976 | CAT III | Default error pages for manager application must be customized. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
V-222977 | CAT II | ErrorReportValve showReport must be set to false. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
V-252452 | CAT II | The macOS system must be configured so that log files must not contain access control lists (ACLs). | Apple macOS 12 (Monterey) Security Technical Implementation Guide
V-252531 | CAT II | The macOS system must be configured with system log files owned by root and group-owned by wheel or admin. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
V-252532 | CAT II | The macOS system must be configured with system log files set to mode 640 or less permissive. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
V-257158 | CAT II | The macOS system must be configured so that log files do not contain access control lists (ACLs). | Apple macOS 13 (Ventura) Security Technical Implementation Guide
V-257237 | CAT II | The macOS system must be configured with system log files owned by root and group-owned by wheel or admin. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
V-257238 | CAT II | The macOS system must be configured with system log files set to mode 640 or less permissive. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
V-268494 | CAT II | The macOS system must disable sending diagnostic and usage data to Apple. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268550 | CAT II | The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268551 | CAT II | The macOS system must configure Apple System Log (ASL) files to mode 640 or less permissive. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268552 | CAT II | The macOS system must configure system log files owned by root and group to wheel. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268553 | CAT II | The macOS system must configure system log files to mode 640 or less permissive. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-277101 | CAT II | The macOS system must disable sending diagnostic and usage data to Apple. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277158 | CAT II | The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277159 | CAT II | The macOS system must configure Apple System Log (ASL) files to mode 640 or less permissive. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277161 | CAT II | The macOS system must configure system log files owned by root and group to wheel. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277162 | CAT II | The macOS system must configure system log files to mode 640 or less permissive. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-205028 | CAT II | The ALG must reveal error messages only to the ISSO, ISSM, and SCA. | Application Layer Gateway Security Requirements Guide
V-222611 | CAT II | The application must reveal error messages only to the ISSO, ISSM, or SA. | Application Security and Development Security Technical Implementation Guide
V-204775 | CAT II | The application server must restrict error messages only to authorized users. | Application Server Security Requirements Guide
V-237333 | CAT II | The ArcGIS Server must reveal error messages only to the ISSO, ISSM, and SA. | ArcGIS for Server 10.3 Security Technical Implementation Guide
V-276014 | CAT I | Ax-OS must off-load audit records onto a different system or media than the system being audited. | Axonius Federal Systems Ax-OS Security Technical Implementation Guide
V-237411 | CAT II | The CA API Gateway must reveal error messages only to the ISSO, ISSM, and SCA. | CA API Gateway ALG Security Technical Implementation Guide
V-251626 | CAT II | IDMS must reveal security-related messages only to authorized users. | CA IDMS Security Technical Implementation Guide
V-251627 | CAT II | Custom database code and associated application code must reveal detailed error messages only to the Information System Security Officer (ISSO), Information System Security manager (ISSM), Systems Administrator (SA), and Database Administrator (DBA). | CA IDMS Security Technical Implementation Guide
V-219189 | CAT II | The Ubuntu operating system must configure the /var/log directory to be group-owned by syslog. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-219190 | CAT II | The Ubuntu operating system must configure the /var/log directory to be owned by root. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-219191 | CAT II | The Ubuntu operating system must configure the /var/log directory to have mode 0755 or less permissive. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-219192 | CAT II | The Ubuntu operating system must configure the /var/log/syslog file to be group-owned by adm. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-219193 | CAT II | The Ubuntu operating system must configure /var/log/syslog file to be owned by syslog. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-219194 | CAT II | The Ubuntu operating system must configure /var/log/syslog file with mode 0640 or less permissive. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-238338 | CAT II | The Ubuntu operating system must configure the /var/log directory to be group-owned by syslog. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-238339 | CAT II | The Ubuntu operating system must configure the /var/log directory to be owned by root. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-238340 | CAT II | The Ubuntu operating system must configure the /var/log directory to have mode "0755" or less permissive. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-238341 | CAT II | The Ubuntu operating system must configure the /var/log/syslog file to be group-owned by adm. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-238342 | CAT II | The Ubuntu operating system must configure /var/log/syslog file to be owned by syslog. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-238343 | CAT II | The Ubuntu operating system must configure /var/log/syslog file with mode 0640 or less permissive. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-260488 | CAT II | Ubuntu 22.04 LTS must configure the "/var/log" directory to have mode "755" or less permissive. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260491 | CAT II | Ubuntu 22.04 LTS must configure "/var/log/syslog" file with mode "640" or less permissive. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260501 | CAT II | Ubuntu 22.04 LTS must configure the directories used by the system journal to be owned by "root". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260502 | CAT II | Ubuntu 22.04 LTS must configure the directories used by the system journal to be group-owned by "systemd-journal". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260503 | CAT II | Ubuntu 22.04 LTS must configure the files used by the system journal to be owned by "root". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260504 | CAT II | Ubuntu 22.04 LTS must configure the files used by the system journal to be group-owned by "systemd-journal". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260505 | CAT II | Ubuntu 22.04 LTS must be configured so that the "journalctl" command is owned by "root". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260506 | CAT II | Ubuntu 22.04 LTS must be configured so that the "journalctl" command is group-owned by "root". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260508 | CAT II | Ubuntu 22.04 LTS must configure the "/var/log" directory to be owned by "root". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260509 | CAT II | Ubuntu 22.04 LTS must configure the "/var/log" directory to be group-owned by "syslog". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260510 | CAT II | Ubuntu 22.04 LTS must configure "/var/log/syslog" file to be owned by "syslog". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260511 | CAT II | Ubuntu 22.04 LTS must configure the "/var/log/syslog" file to be group-owned by "adm". | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-270759 | CAT II | Ubuntu 24.04 LTS must be configured so that the "journalctl" command is owned by "root". | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270760 | CAT II | Ubuntu 24.04 LTS must be configured so that the "journalctl" command is group-owned by "root". | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270761 | CAT II | Ubuntu 24.04 LTS must configure the directories used by the system journal to be group-owned by "systemd-journal". | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270762 | CAT II | Ubuntu 24.04 LTS must configure the files used by the system journal to be group-owned by "systemd-journal". | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270763 | CAT II | Ubuntu 24.04 LTS must configure the directories used by the system journal to be owned by "root". | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270764 | CAT II | Ubuntu 24.04 LTS must configure the files used by the system journal to be owned by "root" | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270765 | CAT II | Ubuntu 24.04 LTS must configure the /var/log directory to be group-owned by syslog. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270766 | CAT II | Ubuntu 24.04 LTS must configure the /var/log directory to be owned by root. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270767 | CAT II | Ubuntu 24.04 LTS must configure the /var/log directory to have mode "0755" or less permissive. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270768 | CAT II | Ubuntu 24.04 LTS must configure the /var/log/syslog file to be group-owned by adm. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270769 | CAT II | Ubuntu 24.04 LTS must configure /var/log/syslog file to be owned by syslog. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270770 | CAT II | Ubuntu 24.04 LTS must configure /var/log/syslog file with mode "0640" or less permissive. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-269442 | CAT II | AlmaLinux OS 9 must not show boot up messages. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269443 | CAT II | AlmaLinux OS 9 /var/log directory must be group-owned by root. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269444 | CAT II | AlmaLinux OS 9 /var/log/messages file must be group-owned by root. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269445 | CAT II | AlmaLinux OS 9 /var/log/messages file must be owned by root. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269446 | CAT II | AlmaLinux OS 9 /var/log/messages file must have mode 0640 or less permissive. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269447 | CAT II | AlmaLinux OS 9 /var/log directory must be owned by root. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269448 | CAT II | AlmaLinux OS 9 /var/log directory must have mode 0755 or less permissive. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-233533 | CAT II | PostgreSQL must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. | Crunchy Data PostgreSQL Security Technical Implementation Guide
V-261909 | CAT II | PostgreSQL must reveal detailed error messages only to the information system security officer (ISSO), information system security manager (ISSM), system administrator (SA), and database administrator (DBA). | Crunchy Data Postgres 16 Security Technical Implementation Guide
V-255561 | CAT II | The DBN-6300 must reveal error messages only to authorized individuals (ISSO, ISSM, and SA). | DBN-6300 NDM Security Technical Implementation Guide
V-206579 | CAT II | The DBMS must reveal detailed error messages only to the ISSO, ISSM, SA and DBA. | Database Security Requirements Guide
V-235781 | CAT II | A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
V-235782 | CAT II | A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
V-224186 | CAT II | The EDB Postgres Advanced Server must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. | EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide
V-213612 | CAT II | The EDB Postgres Advanced Server must reveal detailed error messages only to the ISSO, ISSM, SA and DBA. | EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide
V-259267 | CAT II | The EDB Postgres Advanced Server must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. | EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
V-228993 | CAT II | The application must be configured to reveal error messages only to authorized individuals (ISSO, ISSM, and SA). | F5 BIG-IP Device Management Security Technical Implementation Guide
V-278388 | CAT II | NGINX must protect audit information from unauthorized access. | F5 NGINX Security Technical Implementation Guide
V-203664 | CAT II | The operating system must reveal error messages only to authorized users. | General Purpose Operating System Security Requirements Guide
V-215266 | CAT II | AIX log files must be owned by a system account. | IBM AIX 7.x Security Technical Implementation Guide
V-215267 | CAT II | AIX log files must be owned by a system group. | IBM AIX 7.x Security Technical Implementation Guide
V-215323 | CAT II | AIX log files must have mode 0640 or less permissive. | IBM AIX 7.x Security Technical Implementation Guide
V-215324 | CAT II | AIX log files must not have extended ACLs, except as needed to support authorized software. | IBM AIX 7.x Security Technical Implementation Guide
V-213714 | CAT II | DB2 must reveal detailed error messages only to the ISSO, ISSM, SA and DBA. | IBM DB2 V10.5 LUW Security Technical Implementation Guide
V-250330 | CAT II | The WebSphere Liberty Server must be configured to encrypt log information. | IBM WebSphere Liberty Server Security Technical Implementation Guide
V-255820 | CAT II | The WebSphere Application Server security auditing must be enabled. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V-255836 | CAT II | The WebSphere Application Server LDAP groups must be authorized for the WebSphere role. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V-223455 | CAT II | CA-ACF2 must limit access to data sets used to back up and/or dump SMF collection files to appropriate users and/or batch jobs that perform SMF dump processing. | IBM z/OS ACF2 Security Technical Implementation Guide
V-223554 | CAT II | IBM z/OS SMF collection files (i.e., SYS1.MANx) access must be limited to appropriate users and/or batch jobs that perform SMF dump processing. | IBM z/OS ACF2 Security Technical Implementation Guide
V-223686 | CAT II | IBM RACF must limit access to data sets used to back up and/or dump SMF collection files to appropriate users and/or batch jobs that perform SMF dump processing. | IBM z/OS RACF Security Technical Implementation Guide
V-223701 | CAT II | IBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing. | IBM z/OS RACF Security Technical Implementation Guide
V-223881 | CAT II | IBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing. | IBM z/OS TSS Security Technical Implementation Guide
V-223909 | CAT II | CA-TSS must limit access to data sets used to back up and/or dump SMF collection files to appropriate users and/or batch jobs that perform SMF dump processing. | IBM z/OS TSS Security Technical Implementation Guide
V-251035 | CAT III | The Sentry must reveal error messages only to the ISSO, ISSM, and SCA. | Ivanti MobileIron Sentry 9.x ALG Security Technical Implementation Guide
V-251035 | CAT III | The Sentry must reveal error messages only to the ISSO, ISSM, and SCA. | Ivanti Sentry 9.x ALG Security Technical Implementation Guide
V-213537 | CAT II | Access to JBoss log files must be restricted to authorized users. | JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
V-66545 | CAT II | The Juniper SRX Services Gateway must reveal log messages or management console alerts only to the ISSO, ISSM, and SA roles). | Juniper SRX SG NDM Security Technical Implementation Guide
V-229018 | CAT II | The Juniper SRX Services Gateway must generate alerts to the management console and generate a log record that can be forwarded to the ISSO and designated system administrators when the local accounts (i.e., the account of last resort or root account) are deleted. | Juniper SRX Services Gateway NDM Security Technical Implementation Guide
V-213778 | CAT II | SQL Server must reveal detailed error messages only to the ISSO, ISSM (or their designees), SA and DBA. | MS SQL Server 2014 Database Security Technical Implementation Guide
V-213978 | CAT II | SQL Server must reveal detailed error messages only to documented and approved individuals or roles. | MS SQL Server 2016 Instance Security Technical Implementation Guide
V-205525 | CAT II | The Mainframe Product must reveal full-text detail error messages only to system programmers and/or security administrators. | Mainframe Product Security Requirements Guide
V-276306 | CAT II | Azure SQL Managed Instance must reveal detailed error messages only to the information system security officer (ISSO), information system security manager (ISSM), system administrator (SA), and database administrator (DBA). | Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
V-272886 | CAT II | Roles for use with Microsoft Defender for Endpoint (MDE) must be configured within Entra ID. | Microsoft Defender for Endpoint Security Technical Implementation Guide
V-272887 | CAT II | Microsoft Defender for Endpoint (MDE) must be configured for a least privilege model by implementing Unified Role-Based Access Control (RBAC). | Microsoft Defender for Endpoint Security Technical Implementation Guide
V-271334 | CAT II | SQL Server must reveal detailed error messages only to documented and approved individuals or roles. | Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
V-253309 | CAT II | The system must be configured to audit Account Management - User Account Management failures. | Microsoft Windows 11 Security Technical Implementation Guide
V-254391 | CAT I | Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access. | Microsoft Windows Server 2022 Security Technical Implementation Guide
V-278138 | CAT I | Windows Server 2025 permissions on the Active Directory data files must only allow system administrators (SAs) access. | Microsoft Windows Server 2025 Security Technical Implementation Guide
V-221184 | CAT II | MongoDB must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. | MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide
V-252169 | CAT II | MongoDB must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. | MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide
V-265932 | CAT II | MongoDB must reveal detailed error messages only to the information system security officer (ISSO), information system security manager (ISSM), system administrator (SA), and database administrator (DBA). | MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
V-279368 | CAT II | MongoDB must reveal detailed error messages only to the information system security officer (ISSO), information system security manager (ISSM), system administrator (SA) and database administrator (DBA). | MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V-254116 | CAT II | Nutanix AOS must restrict error messages only to authorized users. | Nutanix AOS 5.20.x Application Security Technical Implementation Guide
V-254233 | CAT II | Nutanix AOS must reveal error messages only to authorized users. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
V-279451 | CAT II | Nutanix AOS must restrict error messages only to authorized users. | Nutanix Acropolis Application Server Security Technical Implementation Guide
V-279576 | CAT II | Nutanix OS must configure the audit log files to be owned by root. | Nutanix Acropolis GPOS Security Technical Implementation Guide
V-279629 | CAT II | Nutanix OS must restrict the message log access permissions to reveal error messages only to authorized users. | Nutanix Acropolis GPOS Security Technical Implementation Guide
V-279630 | CAT II | Nutanix OS must restrict the /var/log directory access permissions to reveal error messages only to authorized users. | Nutanix Acropolis GPOS Security Technical Implementation Guide
V-219786 | CAT II | The DBMS must restrict error messages, so only authorized personnel may view them. | Oracle Database 11.2g Security Technical Implementation Guide
V-220302 | CAT II | The DBMS must restrict error messages so only authorized personnel may view them. | Oracle Database 12c Security Technical Implementation Guide
V-270584 | CAT II | Oracle Database must restrict error messages so only authorized personnel may view them. | Oracle Database 19c Security Technical Implementation Guide
V-221899 | CAT II | The Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion. | Oracle Linux 7 Security Technical Implementation Guide
V-248554 | CAT II | The OL 8 "/var/log/messages" file must have mode 0640 or less permissive. | Oracle Linux 8 Security Technical Implementation Guide
V-248555 | CAT II | The OL 8 "/var/log/messages" file must be owned by root. | Oracle Linux 8 Security Technical Implementation Guide
V-248556 | CAT II | The OL 8 "/var/log/messages" file must be group-owned by root. | Oracle Linux 8 Security Technical Implementation Guide
V-248557 | CAT II | The OL 8 "/var/log" directory must have mode 0755 or less permissive. | Oracle Linux 8 Security Technical Implementation Guide
V-248558 | CAT II | The OL 8 "/var/log" directory must be owned by root. | Oracle Linux 8 Security Technical Implementation Guide
V-248559 | CAT II | The OL 8 "/var/log" directory must be group-owned by root. | Oracle Linux 8 Security Technical Implementation Guide
V-248706 | CAT II | The OL 8 lastlog command must be owned by root. | Oracle Linux 8 Security Technical Implementation Guide
V-248707 | CAT II | The OL 8 lastlog command must be group-owned by root. | Oracle Linux 8 Security Technical Implementation Guide
V-271583 | CAT II | OL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. | Oracle Linux 9 Security Technical Implementation Guide
V-271584 | CAT II | OL 9 audit log directory must be owned by root to prevent unauthorized read access. | Oracle Linux 9 Security Technical Implementation Guide
V-271585 | CAT II | OL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log. | Oracle Linux 9 Security Technical Implementation Guide
V-271818 | CAT II | OL 9 /var/log directory must be group-owned by root. | Oracle Linux 9 Security Technical Implementation Guide
V-271819 | CAT II | OL 9 /var/log directory must be owned by root. | Oracle Linux 9 Security Technical Implementation Guide
V-271820 | CAT II | OL 9 /var/log directory must have mode 0755 or less permissive. | Oracle Linux 9 Security Technical Implementation Guide
V-271821 | CAT II | OL 9 /var/log/messages file must be group-owned by root. | Oracle Linux 9 Security Technical Implementation Guide
V-271822 | CAT II | OL 9 /var/log/messages file must be owned by root. | Oracle Linux 9 Security Technical Implementation Guide
V-271823 | CAT II | OL 9 /var/log/messages file must have mode 0640 or less permissive. | Oracle Linux 9 Security Technical Implementation Guide
V-235995 | CAT II | Oracle WebLogic must restrict error messages so only authorized personnel may view them. | Oracle WebLogic Server 12c Security Technical Implementation Guide
V-228875 | CAT II | The Palo Alto Networks security platform must block traceroutes and ICMP probes originating from untrusted networks (e.g., ISP and other non-DoD networks). | Palo Alto Networks ALG Security Technical Implementation Guide
V-228659 | CAT II | Administrators in the role of Security Administrator, Cryptographic Administrator, or Audit Administrator must not also have the role of Audit Administrator. | Palo Alto Networks NDM Security Technical Implementation Guide
V-214070 | CAT II | PostgreSQL must reveal detailed error messages only to the ISSO, ISSM, SA and DBA. | PostgreSQL 9.x Security Technical Implementation Guide
V-281033 | CAT II | RHEL 10 must be configured so that the "/var/log" directory is owned by "root". | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281034 | CAT II | RHEL 10 must be configured so that the "/var/log" directory is group-owned by "root". | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281035 | CAT II | RHEL 10 must be configured so that the "/var/log/"messages file is owned by root. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281036 | CAT II | RHEL 10 must be configured so that the "/var/log/messages" file is group-owned by "root". | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281050 | CAT II | RHEL 10 must enforce group ownership of audit logs by "root" or by a restricted logging group to prevent unauthorized read access. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281051 | CAT II | RHEL 10 must enforce "root" ownership of the audit log directory to prevent unauthorized read access. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281052 | CAT II | RHEL 10 must enforce "root" ownership of audit logs to prevent unauthorized access. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281053 | CAT II | RHEL 10 must enforce group ownership by "root" or a restricted logging group for audit log files to prevent unauthorized access. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281054 | CAT II | RHEL 10 must set mode "0600" or less permissive for the audit logs file to prevent unauthorized access to the audit log. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281061 | CAT II | RHEL 10 must enforce mode "0755" or less permissive for the "/var/log" directory. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281062 | CAT II | RHEL 10 must enforce mode "0640" or less permissive for the "/var/log/messages" file. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-228564 | CAT II | The Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-230245 | CAT II | The RHEL 8 /var/log/messages file must have mode 0640 or less permissive. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-230246 | CAT II | The RHEL 8 /var/log/messages file must be owned by root. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-230247 | CAT II | The RHEL 8 /var/log/messages file must be group-owned by root. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-230248 | CAT II | The RHEL 8 /var/log directory must have mode 0755 or less permissive. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-230249 | CAT II | The RHEL 8 /var/log directory must be owned by root. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-230250 | CAT II | The RHEL 8 /var/log directory must be group-owned by root. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-257885 | CAT II | RHEL 9 /var/log directory must have mode 0755 or less permissive. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257886 | CAT II | RHEL 9 /var/log/messages file must have mode 0640 or less permissive. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257914 | CAT II | RHEL 9 /var/log directory must be owned by root. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257915 | CAT II | RHEL 9 /var/log directory must be group-owned by root. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257916 | CAT II | RHEL 9 /var/log/messages file must be owned by root. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257917 | CAT II | RHEL 9 /var/log/messages file must be group-owned by root. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-258165 | CAT II | RHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-258166 | CAT II | RHEL 9 audit log directory must be owned by root to prevent unauthorized read access. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-258167 | CAT II | RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-275582 | CAT II | Ubuntu OS must configure the "/var/log" directory to have mode "755" or less permissive. | Riverbed NetIM OS Security Technical Implementation Guide
V-261308 | CAT II | SLEM 5 must prevent unauthorized users from accessing system error messages. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-217188 | CAT II | The SUSE operating system must prevent unauthorized users from accessing system error messages. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-22315 | CAT II | System log files must not have extended ACLs, except as needed to support authorized software. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
V-787 | CAT II | System log files must have mode 0640 or less permissive. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
V-216439 | CAT III | The operating system must reveal error messages only to authorized personnel. | Solaris 11 SPARC Security Technical Implementation Guide