Check: RHEL-09-652010
RHEL 9 STIG: RHEL-09-652010 (in versions v1 r3 through v1 r1)
Title
RHEL 9 must have the rsyslog package installed. (Cat II impact)
Discussion
rsyslogd is a system utility providing support for message logging. Support for both internet and Unix domain sockets enables this utility to support both local and remote logging. Couple this utility with "gnutls" (a secure communications library implementing the SSL, TLS, and DTLS protocols) to create a method to securely encrypt and offload auditing.

Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000051-GPOS-00024, SRG-OS-000480-GPOS-00227
Check Content
Verify that RHEL 9 has the rsyslogd package installed with the following command:

$ sudo dnf list --installed rsyslog

Example output:

rsyslog.x86_64 8.2102.0-101.el9_0.1

If the "rsyslogd" package is not installed, this is a finding.
Fix Text
The rsyslogd package can be installed with the following command:

$ sudo dnf install rsyslog
Additional Identifiers
Rule ID: SV-258140r926407_rule
Vulnerability ID: V-258140
Group Title: SRG-OS-000479-GPOS-00224
CCIs
Number | Definition |
---|---|
CCI-000154 | The information system provides the capability to centrally review and analyze audit records from multiple components within the system. |
CCI-000366 | The organization implements the security configuration settings. |
CCI-001851 | The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |