STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 10 Mar 2021

The Ubuntu operating system must be configured to preserve log records from failure events.

DISA Rule

SV-238353r654234_rule

Vulnerability Number

V-238353

Group Title

SRG-OS-000269-GPOS-00103

Rule Version

UBTU-20-010432

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the log service to collect failure events.

Install the log service (if the log service is not already installed) with the following command:

$ sudo apt-get install rsyslog

Enable the log service with the following command:

$ sudo systemctl enable --now rsyslog

Check Contents

Verify the log service is configured to collect system failure events.

Check that the log service is installed properly with the following command:

$ dpkg -l | grep rsyslog

ii rsyslog 8.32.0-1ubuntu4 amd64 reliable system and kernel logging daemon

If the "rsyslog" package is not installed, this is a finding.

Check that the log service is enabled with the following command:

$ systemctl is-enabled rsyslog

enabled

If the command above returns "disabled", this is a finding.

Check that the log service is properly running and active on the system with the following command:

$ systemctl is-active rsyslog

active

If the command above returns "inactive", this is a finding.
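
The three checks above combined into one script, as an added example that is not part of the STIG text. It assumes `dpkg-query` status abbreviations in place of `dpkg -l | grep rsyslog` (which also matches a removed package left in the "rc" state), and it is stricter than the literal check wording: any answer other than "enabled" or "active" is reported. The function names and the `STIG_LIVE` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not STIG text): evaluate UBTU-20-010432 from command output.

# check_rsyslog PKG_STATE ENABLED ACTIVE
#   PKG_STATE: dpkg status abbreviation for rsyslog ("ii " = installed)
#   ENABLED:   output of `systemctl is-enabled rsyslog`
#   ACTIVE:    output of `systemctl is-active rsyslog`
# Prints one line per finding; returns 0 if compliant, 1 otherwise.
check_rsyslog() {
    findings=0
    case "$1" in
        ii*) ;;   # desired state "install", current state "installed"
        *) echo "FINDING: rsyslog package not installed (dpkg state: '${1:-none}')"
           findings=1 ;;
    esac
    # Stricter than the literal check text: "masked", "static", "failed",
    # "activating" and similar answers also mean events may not be collected.
    if [ "$2" != "enabled" ]; then
        echo "FINDING: rsyslog not enabled (is-enabled: '${2:-none}')"
        findings=1
    fi
    if [ "$3" != "active" ]; then
        echo "FINDING: rsyslog not running (is-active: '${3:-none}')"
        findings=1
    fi
    [ "$findings" -eq 0 ] && echo "PASS: UBTU-20-010432"
    return "$findings"
}

# Collect the live state of this host and evaluate it.
check_rsyslog_live() {
    pkg=$(dpkg-query -W -f='${db:Status-Abbrev}' rsyslog 2>/dev/null)
    enabled=$(systemctl is-enabled rsyslog 2>/dev/null)
    active=$(systemctl is-active rsyslog 2>/dev/null)
    check_rsyslog "$pkg" "$enabled" "$active"
}

# Query the host only when asked, e.g.:  STIG_LIVE=1 sh check_rsyslog.sh
if [ "${STIG_LIVE:-0}" = "1" ]; then
    check_rsyslog_live
fi
```

The exit status of `check_rsyslog_live` is 0 only when all three checks pass, so it can gate a compliance job directly.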

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5318

Comments