CCE-92506-5Platform: cpe:/o:oracle:linux:7 | Date: (C)2019-11-07 (M)2023-07-04 |
The 'rsyslog' daemon should not accept remote messages
unless the system acts as a log server.
If the system needs to act as a central log server, add the following lines to
'/etc/rsyslog.conf' to enable reception of messages over UDP:
$ModLoad imudp
$UDPServerRun 514
Parameter:
[enable_rsyslog_to_accept_messages/disable_accepting_message_via_udp]
Technical Mechanism:
Many devices, such as switches, routers, and other Unix-like systems, may only support
the traditional syslog transmission over UDP. If the system must act as a log server,
this enables it to receive their messages as well.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.3 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:49448 |