STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Anduril NixOS Security Technical Implementation Guide

V-268117

CAT II (Medium)

NixOS systemd-journald directory must have a mode of 2755 or less permissive.

Rule ID

SV-268117r1131034_rule

STIG

Anduril NixOS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000162

Discussion

Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit NixOS system activity.

Check Content

Verify NixOS protects log information from unauthorized read access by implementing a mode of 2755 or less on the creation of log directories with the following command: 

$ sudo find /var/log/journal -type d -perm -2755 -not -perm 2755 -printf "%p %m\n"

If any directories have a permission of greater than 2755, this is a finding.

Fix Text

The systemd-journald directories are by design set to 2755 mode.

If any directories are found with incorrect perms, correct them with the following command:

$ sudo find /var/log/journal -type d -exec chmod 2755 {} \;