iCompaas Support

Profile Applicability:
 • Level 1

Description Setting an appropriate log level ensures that sufficient information is logged for auditing and troubleshooting while avoiding excessive log noise.

Rationale:
 Configuring a suitable log level improves the ability to detect and investigate security events without overwhelming the system with unnecessary log data.

Impact:
 Pros:

• Enhances security monitoring and incident investigation capabilities.
  
  

• Balances log detail and system performance.
  
  

Cons:

• Setting too verbose a level may generate excessive logs.
  
  

Default Value:
 The default log level is typically INFO or VERBOSE depending on the SSH server version.

Pre-requisites:

• Root or sudo privileges to modify SSH daemon configuration.
  
  

Remediation:

Test Plan:

Using Linux command line:

 Check current LogLevel setting in /etc/ssh/sshd_config:

grep ^LogLevel /etc/ssh/sshd_config

Verify the configured log level.

Implementation Plan:

Using Linux command line:

Edit /etc/ssh/sshd_config:

vi /etc/ssh/sshd_config

Add or update the LogLevel directive, for example:

LogLevel VERBOSE

Save the file and restart sshd:

systemctl restart sshd

Confirm the setting:

grep ^LogLevel /etc/ssh/sshd_config

Backout Plan:

Using Linux command line:

1. Revert to previous LogLevel settings if necessary.
   
   

2. Restart sshd and monitor logging behavior.
   

References:

• NIST SP 800-53 Revision 5 - AU-2