The TOSS operating system must be configured to preserve log records from failure events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-252927 | TOSS-04-010170 | SV-252927r991562_rule | CCI-001665 | medium |
| Description | ||||
| Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes. | ||||
| STIG | Date | |||
| Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide | 2025-05-08 | |||
Details
Check Text (C-252927r991562_chk)
Verify the rsyslog service is enabled and active with the following commands:
$ sudo systemctl is-enabled rsyslog
enabled
$ sudo systemctl is-active rsyslog
active
If the service is not "enabled" and "active", this is a finding.
If "rsyslog" is not enabled, ask the System Administrator how system error logging is performed on the system. If there is no evidence of system logging being performed on the system, this is a finding.
Fix Text (F-56330r824104_fix)
Start and enable the rsyslog service with the following commands:
$ sudo systemctl start rsyslog.service
$ sudo systemctl enable rsyslog.service