{"description": "Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre>", "rationale": "The rsyslog package provides the rsyslog daemon, which provides\nsystem logging services.", "severity": "medium", "references": {"cis-csc": ["1", "14", "15", "16", "3", "5", "6"], "cobit5": ["APO11.04", "BAI03.05", "DSS05.04", "DSS05.07", "MEA02.01"], "hipaa": ["164.312(a)(2)(ii)"], "isa-62443-2009": ["4.3.3.3.9", "4.3.3.5.8", "4.3.4.4.7", "4.4.2.1", "4.4.2.2", "4.4.2.4"], "isa-62443-2013": ["SR 2.10", "SR 2.11", "SR 2.12", "SR 2.8", "SR 2.9"], "iso27001-2013": ["A.12.4.1", "A.12.4.2", "A.12.4.3", "A.12.4.4", "A.12.7.1"], "nist": ["CM-6(a)"], "nist-csf": ["PR.PT-1"], "srg": ["SRG-OS-000479-GPOS-00224", "SRG-OS-000051-GPOS-00024", "SRG-OS-000480-GPOS-00227"], "ism": ["1409"]}, "control_references": {"ism": ["1409"]}, "components": [], "identifiers": {}, "ocil_clause": "the package is not installed", "ocil": " Run the following command to determine if the <code>rsyslog</code> package is installed: <pre>$ dpkg -l  rsyslog</pre>", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to offload audit logs by installing the required packages with the following command:\n\nThe <code>rsyslog</code> package can be installed with the following command:\n<pre>\n$ apt-get install rsyslog</pre>", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must have the packages required for offloading audit logs installed.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must have the rsyslog package installed.", "vuldiscussion": "rsyslogd is a system utility providing support for message logging. Support for both internet and Unix domain sockets enables this utility to support both local and remote logging. Couple this utility with \"gnutls\" (which is a secure communications library implementing the SSL, TLS, and DTLS protocols), to create a method to securely encrypt and offload auditing.", "checktext": "Verify that Ubuntu 22.04 has the rsyslogd package installed with the following command:\n\n$ dnf list --installed rsyslog\n\nExample output:\n\nrsyslog.x86_64          8.2102.0-101.el9_0.1\n\nIf the \"rsyslogd\" package is not installed, this is a finding.", "fixtext": "The rsyslogd package can be installed with the following command:\n\n$ sudo dnf install rsyslogd"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure rsyslog is Installed", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml", "template": {"name": "package_installed", "vars": {"pkgname": "rsyslog"}, "backends": {}}}