Title

The TOSS operating system must be configured to preserve log records from failure events. (Cat II impact)

Discussion

Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes.

Check Content

Verify the rsyslog service is enabled and active with the following commands: $ sudo systemctl is-enabled rsyslog enabled $ sudo systemctl is-active rsyslog active If the service is not "enabled" and "active", this is a finding. If "rsyslog" is not enabled, ask the System Administrator how system error logging is performed on the system. If there is no evidence of system logging being performed on the system, this is a finding.

Fix Text

Start and enable the rsyslog service with the following commands: $ sudo systemctl start rsyslog.service $ sudo systemctl enable rsyslog.service

Additional Identifiers

Rule ID: SV-252927r991562_rule

Vulnerability ID: V-252927

Group Title: SRG-OS-000269-GPOS-00103

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.