Skip to content

Ensure logging is configured

An XCCDF Rule

Description

The /etc/rsyslog.conf and /etc/rsyslog.d/*.conf files specifies rules for logging and which files are to be used to log certain classes of messages.

warning alert: Warning

This rule does not come with remediation as there is no one way to solve the problem, and the requirement from CIS specification does not require one particular way, but persuades the system administrator to perform configuration suitable for the specific environment. This also means that the OVAL check is too generic, and the user most probably should perform additional manual verification.

Rationale

A great deal of important security-related information is sent via rsyslog (e.g., successful and failed su attempts, failed login attempts, root login attempts, etc.).

ID
xccdf_org.ssgproject.content_rule_rsyslog_logging_configured
Severity
Medium
References
Updated