|Finding ID||Version||Rule ID||IA Controls||Severity|
|Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes.|
|Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide||2022-12-06|
|Check Text ( C-41563r654232_chk )|
| Verify the log service is configured to collect system failure events. |
Check that the log service is installed properly with the following command:
$ dpkg -l | grep rsyslog
ii rsyslog 8.32.0-1ubuntu4 amd64 reliable system and kernel logging daemon
If the "rsyslog" package is not installed, this is a finding.
Check that the log service is enabled with the following command:
$ systemctl is-enabled rsyslog
If the command above returns "disabled", this is a finding.
Check that the log service is properly running and active on the system with the following command:
$ systemctl is-active rsyslog
If the command above returns "inactive", this is a finding.
|Fix Text (F-41522r654233_fix)|
| Configure the log service to collect failure events. |
Install the log service (if the log service is not already installed) with the following command:
$ sudo apt-get install rsyslog
Enable the log service with the following command:
$ sudo systemctl enable --now rsyslog