Configure CA certificate for rsyslog remote logging
An XCCDF Rule
Description
Configure the CA certificate for rsyslog logging to a remote server using Transport Layer Security (TLS) by setting the correct path in the DefaultNetstreamDriverCAFile global option in /etc/rsyslog.conf, for example with the following command:

echo 'global(DefaultNetstreamDriverCAFile="/etc/pki/tls/cert.pem")' >> /etc/rsyslog.conf

Replace /etc/pki/tls/cert.pem in the above command with the path to the file containing the CA certificate generated for the purpose of remote logging.
Warning
Automatic remediation is not available as each organization has unique requirements.
Rationale
The CA certificate needs to be set, or rsyslog.service fails to start with the following error:
error: ca certificate is not set, cannot continue
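A read-only audit check for the setting described above, as an added example that is not part of the rule's own content. The function names and exit codes are this example's own, and it assumes the option is written in the quoted global() form shown in the description; it does not confirm that the match sits inside a global() block.

```shell
#!/bin/sh
# Added example: audit the rsyslog CA file setting without changing anything.

# Print the path given by DefaultNetstreamDriverCAFile="..." in the file $1.
# Text after '#' is treated as a comment and ignored. If the option appears
# several times, the last value in the file is reported (a choice made by
# this example). Nothing is printed when the option is absent.
rsyslog_ca_file() {
    sed 's/#.*//' "$1" 2>/dev/null |
        grep -io 'DefaultNetstreamDriverCAFile="[^"]*"' |
        tail -n 1 |
        sed 's/^[^"]*"//; s/"$//'
}

# Exit codes (this example's convention):
#   0 = option set and the file holds a PEM certificate block
#   1 = option not set (the case in which rsyslog.service fails to start)
#   2 = option set, but the file is missing, unreadable or empty
#   3 = file exists but contains no PEM certificate block
check_rsyslog_ca() {
    conf=${1:-/etc/rsyslog.conf}
    ca=$(rsyslog_ca_file "$conf")
    if [ -z "$ca" ]; then
        echo "FAIL: DefaultNetstreamDriverCAFile not set in $conf" >&2
        return 1
    fi
    if [ ! -r "$ca" ] || [ ! -s "$ca" ]; then
        echo "FAIL: CA file $ca is missing, unreadable or empty" >&2
        return 2
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "FAIL: $ca contains no PEM certificate" >&2
        return 3
    fi
    echo "OK: $conf uses CA file $ca"
    return 0
}
```

Call `check_rsyslog_ca` with no argument to check /etc/rsyslog.conf, or pass another configuration file path as the first argument.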
- ID: xccdf_org.ssgproject.content_rule_rsyslog_remote_tls_cacert
- Severity: Medium
- Updated