{"description": "Journald (via systemd-journal-remote) supports the ability to send\nlog events it gathers to a remote log host or to receive messages\nfrom remote hosts, thus enabling centralised log management.", "rationale": "Storing log data on a remote host protects log integrity from local\nattacks. If an attacker gains root access on the local system, they\ncould tamper with or remove log data that is stored on the local system.", "severity": "medium", "references": {"srg": ["SRG-OS-000479-GPOS-00224"], "cis": ["6.2.1.2.1"]}, "control_references": {"cis": ["6.2.1.2.1"]}, "components": [], "identifiers": {}, "ocil_clause": "the package is not installed", "ocil": "Run the following command to determine if the <code>systemd-journal-remote</code> package is installed: <pre>$ dpkg -l systemd-journal-remote</pre> The package is installed only if its entry in the output has status <code>ii</code>; any other status, or no matching entry, means it is not installed.", "oval_external_content": null, "fixtext": "The <code>systemd-journal-remote</code> package can be installed with the following command:\n<pre>\n$ apt-get install systemd-journal-remote</pre>", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "service_disabled[rsyslog]", "platforms": ["service_disabled[rsyslog]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["service_disabled_rsyslog"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Install systemd-journal-remote Package", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml", "template": {"name": "package_installed", "vars": {"pkgname": "systemd-journal-remote"}, "backends": {}}}