Back

Configure the "accept remote messages" setting for "Rsyslog" to organizational standards.


CONTROL ID
08801
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Red Hat Enterprise Linux to Organizational Standards., CC ID: 08713

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Ensure remote rsyslog messages are only accepted on designated log hosts. Description: By default, `rsyslog` does not listen for log messages coming in from remote systems. The `ModLoad` tells `rsyslog` to load the `imtcp.so` module so it can listen over a network via TCP. The `InputTCPServerRun` op… (4.2.1.6, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure remote rsyslog messages are only accepted on designated log hosts. Description: By default, `rsyslog` does not listen for log messages coming in from remote systems. The `ModLoad` tells `rsyslog` to load the `imtcp.so` module so it can listen over a network via TCP. The `InputTCPServerRun` op… (4.2.1.6, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Title: Accept Remote rsyslog Messages Only on Designated Log Hosts Description: By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instruct… (Rule:xccdf_org.cisecurity.benchmarks_rule_5.1.6_Accept_Remote_rsyslog_Messages_Only_on_Designated_Log_Hosts, The Center for Internet Security Red Hat Enterprise Linux 6 Level 1 Benchmark, 1.2.0)
  • Title: Accept Remote rsyslog Messages Only on Designated Log Hosts Description: By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instruct… (Rule:xccdf_org.cisecurity.benchmarks_rule_5.1.6_Accept_Remote_rsyslog_Messages_Only_on_Designated_Log_Hosts, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Ensure remote rsyslog messages are only accepted on designated log hosts. Description: By default, `rsyslog` does not listen for log messages coming in from remote systems. The `ModLoad` tells `rsyslog` to load the `imtcp.so` module so it can listen over a network via TCP. The `InputTCPServerRun` op… (4.2.1.6, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure remote rsyslog messages are only accepted on designated log hosts. Description: By default, `rsyslog` does not listen for log messages coming in from remote systems. The `ModLoad` tells `rsyslog` to load the `imtcp.so` module so it can listen over a network via TCP. The `InputTCPServerRun` op… (4.2.1.6, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • Rsyslog should accept remote messages or not as appropriate. Technical Mechanisms: via /etc/rsyslog.conf Parameters: accept / reject References: Section: 2.6.1.2.6 - Enable rsyslog to Accept Remote Messages on Loghosts Only (CCE-17639-6, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)