STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide

V-257530

CAT II (Medium)

OpenShift must protect log directory from any type of unauthorized access by setting file permissions.

Rule ID

SV-257530r960930_rule

STIG

Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000162

Discussion

Log files contain sensitive information such as user credentials, system configurations, and potentially even security-related events. Unauthorized access to log files can expose this sensitive data to malicious actors. By protecting the log directory, OpenShift ensures that only authorized users or processes can access the log files, preserving the confidentiality of the information contained within them.

Check Content

Verify the "/var/log" directory has a mode of "0755" or less by executing the following:

for node in $(oc get node -oname); do oc debug $node -- chroot /host /bin/bash -c 'echo -n "$HOSTNAME "; stat -c "%a %n" /var/log' 2>/dev/null; done

If a value of "0755" or less permissive is not returned, this is a finding.

Fix Text

Correct log directory permissions by executing the following:

for node in $(oc get node -oname); do oc debug $node -- chroot /host /bin/bash -c 'echo -n "$HOSTNAME "; chmod 755 /var/log/' 2>/dev/null; done