Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure rsyslog is Installed

    Rsyslog is installed by default. The rsyslog package can be installed with the following command:
     $ sudo dnf install rsyslog
    Rule Medium Severity
  • Enable rsyslog Service

    The <code>rsyslog</code> service provides syslog-style logging by default on Red Hat Enterprise Linux 9. The <code>rsyslog</code> service can be e...
    Rule Medium Severity
  • Ensure rsyslog Default File Permissions Configured

    rsyslog will create logfiles that do not already exist on the system. This settings controls what permissions will be applied to these newly create...
    Rule Medium Severity
  • Configure Logwatch on the Central Log Server

    Is this system the central log server? If so, edit the file /etc/logwatch/conf/logwatch.conf as shown below.
    Group
  • Ensure Logrotate Runs Periodically

    The <code>logrotate</code> utility allows for the automatic rotation of log files. The frequency of rotation is specified in <code>/etc/logrotate....
    Rule Medium Severity
  • Ensure Proper Configuration of Log Files

    The file <code>/etc/rsyslog.conf</code> controls where log message are written. These are controlled by lines called <i>rules</i>, which consist of...
    Group
  • User who owns log files

    Specify user owner of all logfiles specified in /etc/rsyslog.conf.
    Value
  • Ensure cron Is Logging To Rsyslog

    Cron logging must be implemented to spot intrusions or trace cron job status. If <code>cron</code> is not logging to <code>rsyslog</code>, it can b...
    Rule Medium Severity
  • Ensure Rsyslog Authenticates Off-Loaded Audit Records

    Rsyslogd is a system utility providing support for message logging. Support for both internet and UNIX domain sockets enables this utility to suppo...
    Rule Medium Severity
  • Ensure Rsyslog Encrypts Off-Loaded Audit Records

    Rsyslogd is a system utility providing support for message logging. Support for both internet and UNIX domain sockets enables this utility to suppo...
    Rule Medium Severity
  • Ensure Rsyslog Encrypts Off-Loaded Audit Records

    Rsyslogd is a system utility providing support for message logging. Support for both internet and UNIX domain sockets enables this utility to suppo...
    Rule Medium Severity
  • Ensure Log Files Are Owned By Appropriate User

    The owner of all log files written by <code>rsyslog</code> should be <code>root</code>. These log files are determined by the second part of each...
    Rule Medium Severity
  • Enable logrotate Timer

    The logrotate timer can be enabled with the following command:
    $ sudo systemctl enable logrotate.timer
    Rule Medium Severity
  • Ensure System Log Files Have Correct Permissions

    The file permissions for all log files written by <code>rsyslog</code> should be set to 640, or more restrictive. These log files are determined by...
    Rule Medium Severity
  • Ensure logging is configured

    The <code>/etc/rsyslog.conf</code> and <code>/etc/rsyslog.d/*.conf</code> files specifies rules for logging and which files are to be used to log c...
    Rule Medium Severity
  • Ensure remote access methods are monitored in Rsyslog

    Logging of remote access methods must be implemented to help identify cyber attacks and ensure ongoing compliance with remote access policies are b...
    Rule Medium Severity
  • systemd-journald

    systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging ...
    Group
  • Enable systemd-journald Service

    The <code>systemd-journald</code> service is an essential component of systemd. The <code>systemd-journald</code> service can be enabled with the ...
    Rule Medium Severity
  • Ensure journald is configured to compress large log files

    The journald system can compress large log files to avoid fill the system disk.
    Rule Medium Severity
  • Ensure journald is configured to send logs to rsyslog

    Data from journald may be stored in volatile memory or persisted locally. Utilities exist to accept remote export of journald logs.
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules