The Red Hat Enterprise Linux operating system must send rsyslog output to a log aggregation server.

An XCCDF Rule

Description

Sending rsyslog output to another system ensures that the logs cannot be removed or modified in the event that the system is compromised or has a hardware failure.

ID: SV-204574r917830_rule
Version: RHEL-07-031000
Severity: Medium

Remediation Templates

A Manual Procedure

Modify the "/etc/rsyslog.conf" or an "/etc/rsyslog.d/*.conf" file to contain a configuration line to send all "rsyslog" output to a log aggregation server:

For UDP:
     *.* @[logaggregationserver.example.mil]:[port]

For TCP: 
     *.* @@[logaggregationserver.example.mil]:[port]
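One way to verify the result of this procedure, as an added example that is not part of the STIG text: the script scans configuration files for an uncommented `*.*` rule in the `@` (UDP) or `@@` (TCP) syntax shown above. The function names `find_forwarding` and `check_forwarding` are hypothetical, the sample file and port 6514 are constructed, and forwarding written as an `action(type="omfwd" ...)` statement is not detected.

```shell
#!/bin/sh
# Added example: report forwarding rules that send ALL facilities and
# priorities (*.*) to a remote host. Output per match:
#   <file>: <udp|tcp> <target>
find_forwarding() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            # Commented-out rules do not forward anything.
            /^[[:space:]]*#/ { next }
            # Selector must be exactly *.*; action is @host or @@host.
            $1 == "*.*" && $2 ~ /^@@?[^@]/ {
                proto = ($2 ~ /^@@/) ? "tcp" : "udp"
                target = $2
                sub(/^@+/, "", target)
                printf "%s: %s %s\n", file, proto, target
            }
        ' "$f"
    done
}

# Returns 0 and lists the rules if at least one exists, 1 otherwise.
check_forwarding() {
    out=$(find_forwarding "$@")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 0
    fi
    echo "FINDING: no *.* forwarding rule found" >&2
    return 1
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# *.* @@commented.example.mil:514
authpriv.* /var/log/secure
*.* @@logaggregationserver.example.mil:6514
EOF
check_forwarding "$sample"
rm -f "$sample"
```

On a real host, call `check_forwarding /etc/rsyslog.conf /etc/rsyslog.d/*.conf` and treat a non-zero exit status as a finding.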