4.2.3 Ensure rsyslog or syslog-ng is installed (Scored)
Profile Applicability
Level 1 - Server
Level 1 - Workstation
Description
The rsyslog and syslog-ng packages are recommended replacements for the original syslogd daemon. They provide improvements over syslogd, such as connection-oriented (i.e. TCP) transmission of logs, the option to log to database formats, and the encryption of log data en route to a central logging server.
Rationale
The security enhancements of rsyslog and syslog-ng, such as connection-oriented (i.e. TCP) transmission of logs, the option to log to database formats, and the encryption of log data en route to a central logging server, justify installing and configuring the package.
Audit
Verify either rsyslog or syslog-ng is installed. Depending on the package management in use, one of the following command groups may provide the needed information:
# dpkg -s rsyslog
# dpkg -s syslog-ng
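A scripted form of this audit, as an added example that is not part of the benchmark text. `dpkg -s` also exits 0 for a package that was removed but not purged (Status `deinstall ok config-files`), so the check reads the Status field instead of trusting the exit code; the function names and the `--audit` argument are hypothetical, and the sample status text is constructed.

```shell
#!/bin/sh
# Added example: audit helper for this check (not benchmark-supplied code).

# status_is_installed: reads `dpkg -s <pkg>` output on stdin and succeeds
# only when the Status field is exactly "install ok installed".
# Continuation lines in dpkg output start with a space, so they never match.
status_is_installed() {
    awk -F': ' '$1 == "Status" { found = ($2 == "install ok installed") }
                END { exit(found ? 0 : 1) }'
}

# pkg_installed: query dpkg for one package; unknown packages print nothing
# on stdout, which status_is_installed treats as "not installed".
pkg_installed() {
    dpkg -s "$1" 2>/dev/null | status_is_installed
}

# audit_syslog_pkgs: passes if either logging package is fully installed.
audit_syslog_pkgs() {
    for pkg in rsyslog syslog-ng; do
        if pkg_installed "$pkg"; then
            echo "PASS: $pkg is installed"
            return 0
        fi
    done
    echo "FAIL: neither rsyslog nor syslog-ng is installed"
    return 1
}

# Constructed sample: package removed but not purged (dpkg -s still exits 0).
SAMPLE_REMOVED='Package: rsyslog
Status: deinstall ok config-files
Priority: important'

# Constructed sample: package fully installed.
SAMPLE_INSTALLED='Package: rsyslog
Status: install ok installed
Priority: important'

# Run the live audit only when asked, e.g. `sh audit.sh --audit`.
if [ "${1:-}" = "--audit" ]; then
    audit_syslog_pkgs
fi
```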
Remediation
Install rsyslog or syslog-ng using one of the following commands:
# apt-get install rsyslog
# apt-get install syslog-ng