====== 4.2.1.2 Ensure logging is configured (Not Scored) ======

=====Profile Applicability=====

<code>
Level 1 - Server
Level 1 - Workstation
</code>

=====Description=====

The ''/etc/rsyslog.conf'' file specifies rules for logging and which files are to be used to log certain classes of messages.

=====Rationale=====

A great deal of important security-related information is sent via rsyslog (e.g., successful and failed su attempts, failed login attempts, root login attempts, etc.).

=====Audit=====

Review the contents of the ''/etc/rsyslog.conf'' file to ensure appropriate logging is set. In addition, run the following command and verify that the log files are logging information:

<Code:bash>
# ls -l /var/log/
</Code>

=====Remediation=====

Edit the following lines in the ''/etc/rsyslog.conf'' file as appropriate for your environment:

<Code:bash>
*.emerg                      :omusrmsg:*
mail.*                       -/var/log/mail
mail.info                    -/var/log/mail.info
mail.warning                 -/var/log/mail.warn
mail.err                     /var/log/mail.err
news.crit                    -/var/log/news/news.crit
news.err                     -/var/log/news/news.err
news.notice                  -/var/log/news/news.notice
*.=warning;*.=err            -/var/log/warn
*.crit                       /var/log/warn
*.*;mail.none;news.none      -/var/log/messages
local0,local1.*              -/var/log/localmessages
local2,local3.*              -/var/log/localmessages
local4,local5.*              -/var/log/localmessages
local6,local7.*              -/var/log/localmessages
</Code>

Run the following command to restart ''rsyslogd'':

<Code:bash>
# pkill -HUP rsyslogd
</Code>

=====References=====

See the ''rsyslog.conf(5)'' man page for more information.

centos7/4/2/1/2.txt Last modified: 2017/05/04 18:18 by Piotr Kłoczewski
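An added example for the Audit step above, not part of the benchmark text: the functions below list the file targets of the selector rules in an rsyslog configuration and report whether each log file exists and contains data. The function names, the optional ROOT argument and the sample configuration built in ''demo'' are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit the file targets of the
# legacy "selector action" rules in an rsyslog configuration.

# log_targets CONF: print "selector path" for each rule that writes to a file.
log_targets() {
    awk '
        $1 ~ /^[#$]/ { next }        # comments and legacy $Directives
        NF >= 2 {
            action = $2
            sub(/^-/, "", action)    # a leading "-" only turns off sync
            if (action ~ /^\//) print $1, action
        }' "$1"
}

# audit_logging CONF [ROOT]: report each target, looked up under ROOT
# (default: the real filesystem). Returns 1 if any target is missing or
# empty. Quiet facilities may have no data yet, so a non-OK line is a
# prompt for review rather than proof of a misconfiguration.
audit_logging() {
    conf=$1 root=${2:-} rc=0
    while read -r sel path; do
        [ -n "$sel" ] || continue
        if [ ! -e "$root$path" ]; then state=MISSING rc=1
        elif [ ! -s "$root$path" ]; then state=EMPTY rc=1
        else state=OK
        fi
        printf '%-8s%s -> %s\n' "$state" "$sel" "$path"
    done <<EOF
$(log_targets "$conf")
EOF
    return "$rc"
}

# demo: run the audit against a constructed config and log tree in a temp dir.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/var/log"
    printf '%s\n' '# constructed sample' '*.emerg :omusrmsg:*' \
        'mail.err /var/log/mail.err' \
        '*.*;mail.none;news.none -/var/log/messages' > "$tmp/rsyslog.conf"
    echo 'constructed log line' > "$tmp/var/log/messages"
    audit_logging "$tmp/rsyslog.conf" "$tmp"; st=$?
    rm -rf "$tmp"
    return "$st"
}

# Usage on a real host: audit_logging /etc/rsyslog.conf
```

In ''demo'' the ''mail.err'' target is reported as MISSING and ''/var/log/messages'' as OK, so the function returns 1.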