UCF STIG Viewer Logo

The system syslog service must log informational and more severe SMTP service messages.


Overview

Finding ID Version Rule ID IA Controls Severity
V-836 GEN004460 SV-63749r2_rule Medium
Description
If informational and more severe SMTP service messages are not logged, malicious activity on the system may go unnoticed.
STIG Date
Oracle Linux 5 Security Technical Implementation Guide 2020-02-25

Details

Check Text ( C-52329r4_chk )
Check the syslog configuration file for mail.crit logging configuration. Depending on what system is used for log processing either /etc/syslog.conf or /etc/rsyslog.conf will be the logging configuration file.

Procedure:

# grep "mail\." /etc/syslog.conf

Or:

#grep "mail\." /etc/syslog.conf

If syslog is not configured to log critical sendmail messages ("mail.crit" or "mail.*"), this is a finding.
Fix Text (F-54339r4_fix)
Edit the syslog.conf or rsyslog.conf file and add a configuration line specifying an appropriate destination for "mail.crit" or "mail.*" syslog messages.