iCompaas Support

Profile Applicability:
 • Level 1

Description:
 The rsyslog service provides system logging functionality. Enabling the service ensures that logs are collected and managed properly, supporting monitoring and forensic investigations.

Rationale:
 An enabled and running rsyslog service maintains continuous logging, which is essential for detecting security events and troubleshooting system issues.

Impact:
 Pros:

• Ensures consistent system and application logging.
  

• Supports compliance and audit requirements.
  

Cons:

• None significant if properly configured.
  

Default Value:
 The service may or may not be enabled by default depending on the system setup.

Pre-requisites:

• Root or sudo privileges to manage system services.
  

Remediation:

Test Plan:

Using Linux command line:

1. Check the status of the rsyslog service:
   

   systemctl is-enabled rsyslog

2. Confirm if the service is enabled.
   

Implementation Plan:

Using Linux command line:

1. Enable the rsyslog service:

systemctl enable rsyslog

2. Start the rsyslog service:

systemctl start rsyslog

3. Verify the service status:

systemctl status rsyslog

Backout Plan:

Using Linux command line:

1. Disable the rsyslog service if necessary:

systemctl disable rsyslog

2. Stop the rsyslog service:

systemctl stop rsyslog

3. Verify the service status.

References:

• CIS Amazon Linux 2 Benchmark v3.0.0
  

• rsyslog Documentation
  

• systemd Service Management