Profile Applicability:
• Level 1
Description:
systemd-journal-remote is a service that enables a system to receive and process logs forwarded from remote systems using the systemd journal protocol. Installing this service is essential for centralized log collection and enhanced monitoring.
Rationale:
Installing systemd-journal-remote supports centralized logging infrastructure, improving log management, security monitoring, and incident response capabilities.
Impact:
Pros:
Enables receipt and processing of remote journal logs.
Supports comprehensive centralized log management.
Cons:
Requires additional resources and configuration.
Default Value:
The service is typically not installed by default on most systems.
Pre-requisites:
Root or sudo privileges to install packages.
Network access to fetch packages from repositories.
Remediation:
Test Plan:
Using Linux command line:
Check if systemd-journal-remote is installed:
On RPM-based systems:
rpm -q systemd-journal-remote
On Debian-based systems:
dpkg -l | grep systemd-journal-remote
Confirm the package installation status.
Implementation Plan:
Using Linux command line:
Install systemd-journal-remote if missing:
On RPM-based systems:
yum install systemd-journal-remote -y
On Debian-based systems:
apt-get install systemd-journal-remote -y
Verify installation:
systemctl status systemd-journal-remote
Backout Plan:
Using Linux command line:
Remove systemd-journal-remote if necessary:
On RPM-based systems:
yum remove systemd-journal-remote -y
On Debian-based systems:
apt-get remove systemd-journal-remote -y
Confirm removal.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
systemd-journal-remote Documentation