UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must only use remote syslog servers (log hosts) that is justified and documented using site-defined procedures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4395 GEN005460 SV-37812r1_rule ECSC-1 Medium
Description
If a remote log host is in use and it has not been justified and documented with the IAO, sensitive information could be obtained by unauthorized users without the SA's knowledge. A remote log host is any host to which the system is sending syslog messages over a network.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2014-04-02

Details

Check Text ( C-37014r1_chk )
Examine the syslog.conf file for any references to remote log hosts.
# grep -v "^#" /etc/syslog.conf | grep '@'
Destination locations beginning with an '@' represent log hosts. If the log host name is a local alias such as "loghost", consult the /etc/hosts or other name databases as necessary to obtain the canonical name or address for the log host. Determine if the host referenced is a log host documented using site-defined procedures. If an undocumented log host is referenced, this is a finding.

Fix Text (F-32281r1_fix)
Remove or document the referenced undocumented log host.