====== 4.2.2.2 Ensure logging is configured (Not Scored) ======

===== Profile Applicability =====
<code>
Level 1 - Server
Level 1 - Workstation
</code>

===== Description =====
The ''/etc/syslog-ng/syslog-ng.conf'' file specifies the rules for logging: where messages come from (''source'' objects), how they are selected (''filter'' objects), where they are written (''destination'' objects), and which ''log {}'' statements tie those three together so that each class of messages ends up in the right file.

===== Rationale =====
A great deal of important security-related information is sent via ''syslog-ng'' (e.g., successful and failed ''su'' attempts, failed login attempts, root login attempts, etc.). If no ''log {}'' statement routes those messages to a destination, they are silently discarded and are unavailable for detection and incident response.

===== Audit =====
Review the contents of the ''/etc/syslog-ng/syslog-ng.conf'' file to ensure appropriate logging is set: every class of security-relevant messages (authentication, kernel, firewall, general messages and warnings) must be covered by a ''log {}'' statement whose ''source()'', ''filter()'' and ''destination()'' names are all defined in the file. In addition, run the following command and ensure that the expected log files exist and have recent modification times, i.e. that messages are actually being written to them:
<code bash>
# ls -l /var/log/
</code>

===== Remediation =====
Edit the log lines in the ''/etc/syslog-ng/syslog-ng.conf'' file as appropriate for your environment. The statements below are the benchmark's example; every ''source()'', ''filter()'' and ''destination()'' they reference must be defined earlier in the same file, using the object names of your own configuration, or ''syslog-ng'' will refuse to load it:
<code bash>
log { source(src); source(chroots); filter(f_console); destination(console); };
log { source(src); source(chroots); filter(f_console); destination(xconsole); };
log { source(src); source(chroots); filter(f_newscrit); destination(newscrit); };
log { source(src); source(chroots); filter(f_newserr); destination(newserr); };
log { source(src); source(chroots); filter(f_newsnotice); destination(newsnotice); };
log { source(src); source(chroots); filter(f_mailinfo); destination(mailinfo); };
log { source(src); source(chroots); filter(f_mailwarn); destination(mailwarn); };
log { source(src); source(chroots); filter(f_mailerr); destination(mailerr); };
log { source(src); source(chroots); filter(f_mail); destination(mail); };
log { source(src); source(chroots); filter(f_acpid); destination(acpid); flags(final); };
log { source(src); source(chroots); filter(f_acpid_full); destination(devnull); flags(final); };
log { source(src); source(chroots); filter(f_acpid_old); destination(acpid); flags(final); };
log { source(src); source(chroots); filter(f_netmgm); destination(netmgm); flags(final); };
log { source(src); source(chroots); filter(f_local); destination(localmessages); };
log { source(src); source(chroots); filter(f_messages); destination(messages); };
log { source(src); source(chroots); filter(f_iptables); destination(firewall); };
log { source(src); source(chroots); filter(f_warn); destination(warn); };
</code>
Note that ''flags(final)'' stops a message from being matched by any later ''log {}'' statement, so the order of the statements matters: a ''final'' rule placed before the general ''f_messages'' rule keeps those messages out of the general log.

Check the syntax of the edited file before applying it, then send ''syslog-ng'' a HUP signal so that it re-reads its configuration (this is a reload, not a full restart; restarting the service with ''systemctl'' works as well):
<code bash>
# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf
# pkill -HUP syslog-ng
</code>

===== References =====
See the ''syslog-ng'' and ''syslog-ng.conf'' man pages for more information.

Last modified: 2017/05/03 01:12 by Piotr Kłoczewski
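The audit step above only says to "review" the file. The script below is an added example (not part of the CIS benchmark and not the syslog-ng project's code) that automates the two checks a reviewer actually performs: that every ''source()'', ''filter()'' and ''destination()'' referenced from a ''log {}'' statement is defined in the file, and that a ''log {}'' statement routes messages to each destination you require. It also lists log files that have not been written to recently. The syslog-ng.conf it builds is a constructed sample, deliberately referencing a ''mail'' destination that is never defined, and the required destination names passed to ''audit_conf'' (''messages'', ''warn'', ''firewall'') are an assumption taken from the remediation block; adjust them to your own configuration.

```shell
#!/bin/sh
# Added audit helper for CIS 4.2.2.2 (not from the benchmark or syslog-ng).

# Write a small constructed syslog-ng.conf (sample input, not a real host's
# file). The destination "mail" is referenced by a log {} statement but is
# never defined, which is exactly the kind of defect that makes syslog-ng
# refuse to load the file.
make_sample_conf() {
    cat > "$1" <<'EOF'
@version: 3.5
source src { system(); internal(); };
source chroots { unix-stream("/var/run/chroots/dev/log"); };
filter f_messages { level(info..warning) and not facility(auth, authpriv, mail); };
filter f_warn { level(warning..emerg); };
filter f_mail { facility(mail); };
destination messages { file("/var/log/messages"); };
destination warn { file("/var/log/warn"); };
log { source(src); source(chroots); filter(f_messages); destination(messages); };
log { source(src); source(chroots); filter(f_warn); destination(warn); };
log { source(src); source(chroots); filter(f_mail); destination(mail); };
EOF
}

# Print every source/filter/destination that a log {} statement references
# but that has no "kind name { ... };" definition in the file.
# Returns 0 when everything referenced is defined, 1 otherwise.
undefined_refs() {
    conf=$1
    status=0
    for kind in source filter destination; do
        refs=$(grep -E '^[[:space:]]*log[[:space:]]*\{' "$conf" \
            | grep -oE "$kind\([^)]+\)" \
            | sed -E "s/$kind\(([^)]+)\)/\1/" | sort -u)
        for name in $refs; do
            if ! grep -qE "^[[:space:]]*$kind[[:space:]]+$name[[:space:]]*\{" "$conf"; then
                echo "undefined $kind: $name"
                status=1
            fi
        done
    done
    return $status
}

# Check that some log {} statement writes to each destination given as an
# argument. Returns 0 when all are routed, 1 if any destination is unused.
missing_logs() {
    conf=$1; shift
    status=0
    for dest in "$@"; do
        if ! grep -E '^[[:space:]]*log[[:space:]]*\{' "$conf" | grep -q "destination($dest)"; then
            echo "no log statement writes to destination: $dest"
            status=1
        fi
    done
    return $status
}

# List regular files under a log directory that were last modified more than
# the given number of minutes ago (a log that nothing writes to is a sign the
# routing is broken). Usage: stale_logs /var/log 60
stale_logs() {
    find "$1" -type f -mmin +"$2"
}

# Combined audit: all referenced objects defined, and the required
# destinations (assumed here: messages, warn, firewall) are actually routed.
audit_conf() {
    rc=0
    undefined_refs "$1" || rc=1
    missing_logs "$1" messages warn firewall || rc=1
    return $rc
}

# Usage: audit_syslog_ng.sh [/etc/syslog-ng/syslog-ng.conf]
# Without an argument the constructed sample above is audited instead.
if [ $# -eq 0 ]; then
    target=$(mktemp)
    make_sample_conf "$target"
else
    target=$1
fi
if audit_conf "$target"; then echo "OK: $target"; else echo "FAIL: $target"; fi
```

Run it without arguments to see it flag the sample's undefined ''mail'' destination and the missing ''firewall'' routing; run it with the path to the real file after editing, and follow up with ''syslog-ng -s'' for a full syntax check, since this script only looks at object names, not at the grammar of each block.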