An error occurred:

Check: RHEL-09-652010

RHEL 9 STIG: RHEL-09-652010 (in version v2 r3)

Title

RHEL 9 must have the rsyslog package installed. (Cat II impact)

Discussion

rsyslogd is a system utility providing support for message logging. Support for both internet and Unix domain sockets enables this utility to support both local and remote logging. Couple this utility with "gnutls" (which is a secure communications library implementing the SSL, TLS, and DTLS protocols), to create a method to securely encrypt and offload auditing. Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000051-GPOS-00024, SRG-OS-000480-GPOS-00227

Check Content

Verify that RHEL 9 has the rsyslogd package installed with the following command: $ dnf list --installed rsyslog Example output: rsyslog.x86_64 8.2102.0-101.el9_0.1 If the "rsyslogd" package is not installed, this is a finding.

Fix Text

The rsyslogd package can be installed with the following command: $ sudo dnf install rsyslogd

Additional Identifiers

Rule ID: SV-258140r1045278_rule

Vulnerability ID: V-258140

Group Title: SRG-OS-000479-GPOS-00224

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000154

Provide the capability to centrally review and analyze audit records from multiple components within the system.
CCI-001851

Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-4(1)

Transfer to Alternate Storage
AU-6(4)

Central Review and Analysis