Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-234865 | SLES-15-010580 | SV-234865r854211_rule | Medium |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server 15 Security Technical Implementation Guide | 2024-02-16 |
Details
| Check Text ( C-38053r618864_chk ) |
|---|
| Verify that the SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. For stand-alone hosts, verify with the System Administrator that the log files are off-loaded at least weekly. For networked systems, check that rsyslog is sending log messages to a remote server with the following command: > sudo grep "\*.\*" /etc/rsyslog.conf | grep "@" | grep -v "^#" *.*;mail.none;news.none @192.168.1.101:514 If any active message labels in the file do not have a line to send log messages to a remote server, this is a finding. |
| Fix Text (F-38016r618865_fix) |
|---|
| Configure the SUSE operating system to off-load rsyslog messages for networked systems in real time. For stand-alone systems establish a procedure to off-load log messages at least once a week. For networked systems add a "@[Log_Server_IP_Address]" option to every active message label in "/etc/rsyslog.conf" that does not have one. Some examples are listed below: *.*;mail.none;news.none -/var/log/messages *.*;mail.none;news.none @192.168.1.101:514 An additional option is to capture all of the log messages and send them to a remote log host: *.* @@loghost:514 |