{"description": "The journald system can compress large log files to avoid fill the system disk.", "rationale": "Log files that are not properly compressed run the risk of growing so large that they fill up the log partition. Valuable logging information could be lost if the log partition becomes full.", "severity": "medium", "references": {"cis": ["6.2.1.1.6"]}, "control_references": {"cis": ["6.2.1.1.6"]}, "components": [], "identifiers": {}, "ocil_clause": "is commented out or not configured correctly", "ocil": "Storing logs with compression can help avoid filling the system disk.\nRun the following command to verify that journald is compressing logs.\n<pre>\ngrep \"^\\sCompress\" /etc/systemd/journald.conf\n\n</pre>\nand it should return\n<pre>\nCompress=yes\n</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "service_disabled[rsyslog]", "platforms": ["service_disabled[rsyslog]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["service_disabled_rsyslog"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure journald is configured to compress large log files", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/journald/journald_compress/rule.yml", "template": {"name": "shell_lineinfile", "vars": {"path": "/etc/systemd/journald.conf", "parameter": "Compress", "value": "yes", "no_quotes": "true"}, "backends": {}}}