CCE-55024-4 | Platform: cpe:/o:redhat:enterprise_linux:8,cpe:/o:oracle:linux:7,cpe:/o:oracle:linux:8,cpe:/o:amazon:linux:2,cpe:/o:redhat:enterprise_linux:9,cpe:/o:redhat:enterprise_linux:7,cpe:/o:centos:centos:7 | Date: (C)2024-01-08 (M)2024-04-23 |
Title:
Ensure journald log rotation is configured per site policy (SystemMaxUse)
Description:
Journald includes the capability of rotating log files regularly to avoid filling up the system
with logs or making the logs unmanageably large. The file /etc/systemd/journald.conf is
the configuration file used to specify how logs generated by Journald should be rotated.
Rationale:
By keeping the log files smaller and more manageable, a system administrator can easily
archive these files to another system and spend less time looking through inordinately
large log files.
Audit:
Review /etc/systemd/journald.conf and verify logs are rotated according to site policy.
The specific parameters for log rotation are:
SystemMaxUse=
SystemKeepFree=
RuntimeMaxUse=
RuntimeKeepFree=
MaxFileSec=
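One way to script this audit, as an added example that is not part of the benchmark text: it reports the last active value of each of the five parameters in a `[Journal]` section, ignoring the commented-out defaults. The function names, the drop-in file name and the mapping of the sample values (taken in order from the Parameter list on this page) to keys are assumptions.

```shell
#!/bin/sh
ROTATION_KEYS="SystemMaxUse SystemKeepFree RuntimeMaxUse RuntimeKeepFree MaxFileSec"

# journald_get KEY FILE...: print the last active KEY= value found in a
# [Journal] section; later files override earlier ones. Prints nothing if unset.
journald_get() {
    key=$1; shift
    awk -v key="$key" '
        FNR == 1        { in_journal = 0 }          # sections do not span files
        /^[ \t]*[#;]/   { next }                    # commented-out defaults
        /^[ \t]*\[/     { in_journal = ($0 ~ /^[ \t]*\[Journal\][ \t]*$/); next }
        in_journal && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                   # empty value is treated as unset
        }
        END { if (val != "") print val }
    ' "$@"
}

# journald_rotation_audit FILE...: PASS/FAIL line per key; returns 1 on any
# FAIL and 2 if none of the given files exists.
journald_rotation_audit() {
    for f in "$@"; do shift; if [ -f "$f" ]; then set -- "$@" "$f"; fi; done
    [ "$#" -gt 0 ] || { echo "no configuration files found"; return 2; }
    rc=0
    for key in $ROTATION_KEYS; do
        val=$(journald_get "$key" "$@")
        if [ -n "$val" ]; then echo "PASS $key=$val"
        else echo "FAIL $key is not set"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample input; value-to-key mapping is an assumption (see above).
demo=$(mktemp -d)
cat > "$demo/journald.conf" <<'EOF'
[Journal]
#SystemMaxUse=
SystemMaxUse=500M
SystemKeepFree=100M
RuntimeMaxUse=250M
RuntimeKeepFree=50M
EOF
printf '[Journal]\nMaxFileSec = 1d\n' > "$demo/10-site.conf"
journald_rotation_audit "$demo/journald.conf" "$demo/10-site.conf"
rm -rf "$demo"
```

On a real host, pass `/etc/systemd/journald.conf` followed by any files under `/etc/systemd/journald.conf.d/`, then compare the reported values against site policy.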
Remediation:
Review /etc/systemd/journald.conf and verify logs are rotated according to site policy.
The settings should be carefully understood as there are specific edge cases and
prioritization of parameters.
The specific parameters for log rotation are:
SystemMaxUse=
SystemKeepFree=
RuntimeMaxUse=
RuntimeKeepFree=
MaxFileSec=
Additional Information:
See man 5 journald.conf for detailed information regarding the parameters in use.
Parameter:
[500M, 100M, 250M, 50M, 1d]
| CCSS Severity | CCSS Metrics |
|---|---|
| CCSS Score: 8.6 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 4.7 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: HIGH |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97453 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97190 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:96265 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97221 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97252 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97513 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97486 |