NixOS must authenticate the remote logging server for off-loading audit logs.
An XCCDF Rule
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. NixOS supports "syslog-ng". "syslog-ng" is a common system utility providing support for message logging. Support for both internet and Unix domain sockets enables this utility to support both local and remote logging. This utility also natively supports TLS to securely encrypt and off-load auditing. Satisfies: SRG-OS-000051-GPOS-00024, SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224
- ID
- SV-268109r1039595_rule
- Version
- ANIX-00-000490
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the operating system to authenticate the remote logging server for off-loading audit logs.
Add or update the "services.syslog-ng.extraConfig" configuration in /etc/nixos/configuration.nix to include the following:
destination d_network {
syslog(