Skip to content
Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Install systemd-journal-remote Package

    Journald (via systemd-journal-remote ) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralised log management.
    Rule Medium Severity
    Show

  • Enable systemd-journald Service

    The <code>systemd-journald</code> service is an essential component of systemd. The <code>systemd-journald</code> service can be enabled with the following command: <pre>$ sudo systemctl enable sy...
    Rule Medium Severity
    Show

  • Ensure journald is configured to compress large log files

    The journald system can compress large log files to avoid fill the system disk.
    Rule Medium Severity
    Show

  • Ensure journald is configured to send logs to rsyslog

    Data from journald may be stored in volatile memory or persisted locally. Utilities exist to accept remote export of journald logs.
    Rule Medium Severity
    Show

  • Ensure journald is configured to write log files to persistent disk

    The journald system may store log files in volatile memory or locally on disk. If the logs are only stored in volatile memory they will we lost upon reboot.
    Rule Medium Severity
    Show

  • Disable systemd-journal-remote Socket

    Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not receive data from other hosts. NOTE: The same package, systemd-journal-remot...
    Rule Medium Severity
    Show

  • Ensure logrotate is Installed

    logrotate is installed by default. The logrotate package can be installed with the following command: 
     $ sudo yum install logrotate
    Rule Medium Severity
    Show

  • Ensure Logrotate Runs Periodically

    The <code>logrotate</code> utility allows for the automatic rotation of log files. The frequency of rotation is specified in <code>/etc/logrotate.conf</code>, which triggers a cron task or a timer...
    Rule Medium Severity
    Show

  • Enable logrotate Timer

    The logrotate timer can be enabled with the following command: 
    $ sudo systemctl enable logrotate.timer
    Rule Medium Severity
    Show

  • Configure rsyslogd to Accept Remote Messages If Acting as a Log Server

    By default, <code>rsyslog</code> does not listen over the network for log messages. If needed, modules can be enabled to allow the rsyslog daemon to receive messages from other systems and for the ...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules