Hi
I'm currently going through the process of hardening linux systems to meet CIS Security Benchmark standards for Ubuntu Linux.
One of the items requires justification for permissions on logs under /var/log/*. I've noticed that vmware-vmsvc.log is world readable.
Is this a potential security risk, given that non-root users are able to browse this log and perhaps infer sensitive information from it?
Is there any documentation from VMware regarding what the security best practice for these logs are?
Example below:
````
user@server:~$ tail /var/log/vmware-vmsvc.log
[Aug 10 04:25:09.726] [ message] [vix] QueryVGAuthConfig: vgauth usage is: 1
[Aug 10 04:25:09.726] [ message] [vmtoolsd] Plugin 'vix' initialized.
[Aug 10 04:25:09.726] [ message] [vmtoolsd] Plugin 'deployPkg' initialized.
[Aug 10 04:25:09.786] [ message] [vmtoolsd] Plugin 'grabbitmqProxy' initialized.
[Aug 10 04:25:09.786] [ message] [vmtoolsd] Plugin 'guestInfo' initialized.
[Aug 10 04:25:09.786] [ message] [vmtoolsd] Plugin 'powerops' initialized.
[Aug 10 04:25:09.786] [ message] [vmtoolsd] Plugin 'timeSync' initialized.
[Aug 10 04:25:09.786] [ message] [vmtoolsd] Plugin 'vmbackup' initialized.
[Aug 10 04:25:09.790] [ message] [vix] VixTools_ProcessVixCommand: command 62
[Aug 10 04:25:39.706] [ warning] [guestinfo] GuestInfoSendNicInfoXdr: update failed: request "SetGuestInfo 10 ", reply "Invalid guest information type.".
user@server:~$
user@server:~$
user@server:~$ ls -l /var/log/vmware-vmsvc.log
-rw-r--r-- 1 root root 3807557 Aug 10 04:25 /var/log/vmware-vmsvc.log
user@server:~$
-----
Many thanks in advance for any help!