Kibana and Logstash has their log files stored under /var/log by default and they have the following authority settings. But based on CIS security scan report, no application should have Others Read to be set false to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. Logstash and Kibana does not following the requirement.
How could we change the authority of these log files?
[root@localhost log]# ls -lrt kib*
total 33540
-rw-r--r--. 1 root root 0 May 18 15:45 kibana.stderr
-rw-r--r--. 1 root root 33123562 May 27 14:23 kibana.stdout
[root@localhost log]# ls -lrt log*
-rw-r--r--. 1 root root 94208 May 26 20:17 logstash-cmd.log
logstash:
total 316
-rw-r--r--. 1 logstash root 434 May 25 17:30 logstash-plain-2017-05-25.log
-rw-r--r--. 1 logstash root 318902 May 26 20:17 logstash-plain.log