Amazon Linux 2023 must monitor remote access methods.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-274021	SRG-OS-000032-GPOS-00013	AZLX-23-001045	SV-274021r1120695_rule	2025-07-15	1

Description
Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities, increase risk and make remote user access management difficult at best.

ℹ️ Check
Verify Amazon Linux 2023 monitors all remote access methods. Check that remote access methods are being logged by running the following command: $ sudo grep -E '(auth.\|authpriv.\|daemon.)' /etc/rsyslog.conf auth.;authpriv.;daemon. /var/log/secure If "auth.", "authpriv.", or "daemon.*" are not configured to be logged, this is a finding.

✔️ Fix
Configure Amazon Linux 2023 to monitor all remote access methods by installing rsyslog with the following command: $ sudo yum install rsyslog Then add or update the following lines to the "/etc/rsyslog.conf" file: auth.;authpriv.;daemon.* /var/log/secure The "rsyslog" service must be restarted for the changes to take effect. To restart the "rsyslog" service, run the following command: $ sudo systemctl restart rsyslog.service

✔️ Fix

Configure Amazon Linux 2023 to monitor all remote access methods by installing rsyslog with the following command: $ sudo yum install rsyslog Then add or update the following lines to the "/etc/rsyslog.conf" file: auth.*;authpriv.*;daemon.* /var/log/secure The "rsyslog" service must be restarted for the changes to take effect. To restart the "rsyslog" service, run the following command: $ sudo systemctl restart rsyslog.service