STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

V-260504

CAT II (Medium)

Ubuntu 22.04 LTS must configure the files used by the system journal to be group-owned by "systemd-journal".

Rule ID

SV-260504r1184058_rule

STIG

Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-001314

Discussion

Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives. The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.

Check Content

Verify the /run/log/journal and /var/log/journal files are group-owned by "systemd-journal" by using the following command: 
 
     $ sudo find /run/log/journal /var/log/journal  -type f -exec stat -c "%n %G" {} \; 
     /var/log/journal/3b018e681c904487b11671b9c1987cce/system@99dcc72bb1134aaeae4bf157aa7606f4-0000000000003c7a-0006073f8d1c0fec.journal systemd-journal 
     /var/log/journal/3b018e681c904487b11671b9c1987cce/system.journal systemd-journal 
     /var/log/journal/3b018e681c904487b11671b9c1987cce/user-1000.journal systemd-journal 
     /var/log/journal/3b018e681c904487b11671b9c1987cce/user-1000@bdedf14602ff4081a77dc7a6debc8626-00000000000062a6-00060b4b414b617a.journal systemd-journal 
     /var/log/journal/3b018e681c904487b11671b9c1987cce/system@99dcc72bb1134aaeae4bf157aa7606f4-0000000000005301-000609a409
593.journal systemd-journal 
     /var/log/journal/3b018e681c904487b11671b9c1987cce/system@99dcc72bb1134aaeae4bf157aa7606f4-0000000000000001-000604dae53225ee.journal systemd-journal 
     /var/log/journal/3b018e681c904487b11671b9c1987cce/user-1000@bdedf14602ff4081a77dc7a6debc8626-000000000000083b-000604dae72c7e3b.journal systemd-journal 
 
If any output returned is not group-owned by "systemd-journal", this is a finding.

Fix Text

Configure Ubuntu 22.04 LTS to set the appropriate group-ownership to the files used by the systemd journal.
 
Create a drop-in file if it does not already exist with the following command:

$ sudo vi /etc/tmpfiles.d/zzz-systemd-stig.conf
 
Add or modify the following lines in the "/usr/lib/tmpfiles.d/zzz-systemd-stig.conf" file: 
 
z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
 
Restart the system for the changes to take effect.