Profile Applicability:
• Level 1
Description:
Compressing large log files in systemd’s journal (journald) reduces disk space usage by minimizing the storage size of archived logs, helping maintain efficient log storage management.
Rationale:
Enabling compression of log files saves disk space, supports longer log retention periods, and improves overall system storage efficiency.
Impact:
Pros:
Reduces disk space consumption for log storage.
Enables retention of more historical logs.
Cons:
Compression and decompression require additional CPU resources.
Default Value:
journald may have compression enabled by default, but it should be verified against site policies.
Pre-requisites:
Root or sudo privileges to modify journald configuration.
Remediation:
Test Plan:
Using Linux command line:
Check the current compression setting in /etc/systemd/journald.conf:
grep "^Compress" /etc/systemd/journald.conf
Verify if Compress=yes is set.
Implementation Plan:
Using Linux command line:
Edit /etc/systemd/journald.conf:
vi /etc/systemd/journald.conf
Set the compression parameter:
Compress=yes
Save the file and restart journald:
systemctl restart systemd-journald
Confirm compression is enabled:
grep "^Compress" /etc/systemd/journald.conf
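The grep checks in the Test Plan and Implementation Plan read only /etc/systemd/journald.conf, so a drop-in file under a journald.conf.d directory can override the value they report. The following added example (not part of the benchmark text) resolves the effective Compress= value across the main file and the drop-in directories. The function names and the root-directory argument are assumptions made for illustration; section headers and file names containing whitespace are not handled.

```shell
#!/bin/sh
# Added example: resolve the effective journald Compress= value.

# Print the last uncommented Compress= assignment in file $1, if any.
last_compress() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*Compress[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# $1 = filesystem root to inspect (assumption for testing; empty = live system).
effective_compress() {
    root="${1:-}"
    value=$(last_compress "$root/etc/systemd/journald.conf")
    # Drop-in names from all three directories, applied in byte order.
    names=$(for d in usr/lib run etc; do
                ls "$root/$d/systemd/journald.conf.d" 2>/dev/null || true
            done | sed -n '/\.conf$/p' | LC_ALL=C sort -u)
    for n in $names; do
        # For one file name, /etc masks /run, which masks /usr/lib.
        for d in etc run usr/lib; do
            f="$root/$d/systemd/journald.conf.d/$n"
            [ -e "$f" ] || continue
            v=$(last_compress "$f")
            [ -n "$v" ] && value="$v"
            break
        done
    done
    # "unset" means no file assigns Compress=, so the built-in default applies.
    echo "${value:-unset}"
}

# Succeeds only when the effective value is the explicit Compress=yes
# that the Test Plan looks for.
compress_compliant() {
    [ "$(effective_compress "${1:-}")" = "yes" ]
}

# Report on the live system when run directly.
if compress_compliant ""; then
    echo "PASS: Compress=yes"
else
    echo "FAIL: effective Compress=$(effective_compress "")"
fi
```

On a running host, `systemd-analyze cat-config systemd/journald.conf` prints the same set of files in the order systemd reads them, which is a quick cross-check.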
Backout Plan:
Using Linux command line:
Disable compression if needed by setting:
Compress=no
Restart journald service:
systemctl restart systemd-journald
References:
CIS Amazon Linux 2 Benchmark v3.0.0
systemd-journald Documentation
NIST SP 800-53 Revision 5 - SI-4