STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-22315

CAT II (Medium)

System log files must not have extended ACLs, except as needed to support authorized software.

Rule ID

SV-44948r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-001314

Discussion

If the system log files are not protected, unauthorized users could change the logged data, eliminating its forensic value. Authorized software may be given log file access through the use of extended ACLs when needed and configured to provide the least privileges required.

Check Content

Verify system log files have no extended ACLs.

Procedure:
# ls -lL /var/log

If the permissions include a '+', the file has an extended ACL. If an extended ACL exists, verify with the SA if the ACL is required to support authorized software and provides the minimum necessary permissions. If an extended ACL exists providing access beyond the needs of authorized software, this is a finding.

Fix Text

Remove the extended ACL from the file.

Procedure:
# setfacl --remove-all [file with extended ACL]