Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
SLEM 5 must offload rsyslog messages for networked systems in real time and offload standalone systems at least weekly.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-261409 | SLEM-05-652010 | SV-261409r996643_rule | Medium |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide | 2024-06-04 |
Details
| Check Text ( C-65138r996641_chk ) |
|---|
| Verify that SLEM 5 must offload syslog-ng messages for networked systems in real time and offload standalone systems at least weekly. For standalone hosts, verify with the system administrator that the log files are offloaded at least weekly. For networked systems, check that syslog-ng is sending log messages to a remote server with the following command: > sudo egrep "^destination logserver" /etc/syslog-ng/syslog-ng.conf syslog("10.10.10.10" transport("udp") port(514)); }; If any active message labels in the file do not have a line to send log messages to a remote server, this is a finding. |
| Fix Text (F-65046r996642_fix) |
|---|
| Configure SLEM 5 to offload syslog-ng messages for networked systems in real time. For standalone systems establish a procedure to offload log messages at least once a week. For networked systems add a "UDP_OR_TCP("IP_ADDRESS" port(514)); };" "#log { source(src); destination(logserver); };" in "/etc/syslog-ng/syslog-ng.conf" that does not have one. syslog("10.10.10.10" transport("udp") port(514)); }; |