Profile Applicability:
• Level 1
Description:
Proper logging configuration ensures that system events, security incidents, and application activities are recorded consistently. Effective logging supports monitoring, auditing, and forensic investigations.
Rationale:
Comprehensive logging enables timely detection and response to security events, helping maintain system integrity and compliance.
Impact:
Pros:
Enhances security monitoring and incident response.
Provides audit trails for accountability and compliance.
Cons:
Improper configuration may generate excessive logs or miss critical events.
Default Value:
Logging may be partially configured or disabled depending on system defaults.
Pre-requisites:
Root or sudo privileges to configure logging services and files.
Remediation:
Test Plan:
Using Linux command line:
Review logging service configuration files (e.g., /etc/rsyslog.conf, /etc/rsyslog.d/*):
cat /etc/rsyslog.conf
Verify log rotation settings (e.g., /etc/logrotate.conf and /etc/logrotate.d/*).
Confirm logs are being written to expected locations (e.g., /var/log/).
Implementation Plan:
Using Linux command line:
Configure rsyslog or another syslog daemon with appropriate rules to capture required logs.
Set up log rotation policies to manage log size and retention.
Restart logging services to apply changes:
systemctl restart rsyslog
Verify logs are generated and rotated correctly.
Backout Plan:
Using Linux command line:
Revert configuration changes if issues arise.
Restart logging services and confirm proper operation.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
rsyslog Documentation
logrotate Manual