The Photon operating system must enable the rsyslog service.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-258901 | SRG-OS-000480-GPOS-00227 | PHTN-40-000242 | SV-258901r991589_rule | 2024-07-11 | 2 |
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
ℹ️ Check
If another package is used to offload logs, such as syslog-ng, and is properly configured, this is not applicable.
At the command line, run the following command to verify rsyslog is enabled and running:
# systemctl status rsyslog
If the rsyslog service is not enabled and running, this is a finding.
✔️ Fix
At the command line, run the following commands:
# systemctl enable rsyslog
# systemctl start rsyslog