Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must only use remote syslog servers (log hosts) that is justified and documented using site-defined procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4395 | GEN005460 | SV-45989r1_rule | Medium |
| Description |
|---|
| If a remote log host is in use and it has not been justified and documented with the IAO, sensitive information could be obtained by unauthorized users without the SA's knowledge. A remote log host is any host to which the system is sending syslog messages over a network. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z | 2016-12-20 |
Details
| Check Text ( C-43271r1_chk ) |
|---|
| Examine the rsyslog.conf file for any references to remote log hosts. # grep -v "^#" /etc/rsyslog* | grep '@' # grep -v "^#" /etc/rsyslog.d/* | grep '@' Destination locations beginning with an '@' represent log hosts. If the log host name is a local alias such as "loghost", consult the /etc/hosts or other name databases as necessary to obtain the canonical name or address for the log host. Determine if the host referenced is a log host documented using site-defined procedures. If an undocumented log host is referenced, this is a finding. |
| Fix Text (F-39354r1_fix) |
|---|
| Remove or document the referenced undocumented log host. |