Profile Applicability:
• Level 1
Description:
The systemd-journald service collects and manages system log data. Ensuring the journald service is enabled guarantees continuous logging of system events, which is critical for security monitoring and auditing.
Rationale:
Enabling the journald service ensures that all system logs are captured reliably and persistently, supporting forensic analysis, compliance, and troubleshooting.
Impact:
Pros:
Provides continuous collection of system logs.
Supports centralized and consistent log management.
Cons:
Requires proper configuration to manage log storage and retention.
Default Value:
The journald service is typically enabled and running by default on most systemd-based systems.
Pre-requisites:
Root or sudo privileges to manage system services.
Remediation:
Test Plan:
Using Linux command line:
Check if systemd-journald service is enabled:
systemctl is-enabled systemd-journald
Check if the service is active:
systemctl is-active systemd-journald
Implementation Plan:
Using Linux command line:
Enable the systemd-journald service:
systemctl enable systemd-journald
Start the systemd-journald service:
systemctl start systemd-journald
Verify service status:
systemctl is-enabled systemd-journald systemctl is-active systemd-journald
Backout Plan:
Using Linux command line:
Disable the journald service if needed:
systemctl disable systemd-journald
Stop the journald service:
systemctl stop systemd-journald
Verify service status.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
systemd-journald Documentation
Systemd Service Management