Skip to content

Disable Logwatch on Clients if a Logserver Exists

An XCCDF Rule

Description

Does your site have a central logserver which has been configured to report on logs received from all systems? If so:

$ sudo rm /etc/cron.daily/0logwatch
If no logserver exists, it will be necessary for each system to run Logwatch individually. Using a central logserver provides the security and reliability benefits discussed earlier, and also makes monitoring logs easier and less time-intensive for administrators.

ID
xccdf_org.ssgproject.content_rule_disable_logwatch_for_logserver
Severity
Unknown
References
Updated