{"description": "Configure the CA certificate for <tt>rsyslog</tt> logging\nto a remote server using Transport Layer Security (TLS)\nby setting the correct path in the <tt>DefaultNetstreamDriverCAFile</tt>\nglobal option in <tt>/etc/rsyslog.conf</tt>, for example with the following command:\n<pre>echo 'global(DefaultNetstreamDriverCAFile=\"/etc/pki/tls/cert.pem\")' >> /etc/rsyslog.conf</pre>\nReplace <tt>/etc/pki/tls/cert.pem</tt> in the above command with the path to the file containing the CA certificate generated for the purpose of remote logging.", "rationale": "The CA certificate needs to be set or <tt>rsyslog.service</tt>\nfails to start with\n<pre>error: ca certificate is not set, cannot continue</pre>", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R71"], "ism": ["0988", "1405"]}, "control_references": {"anssi": ["R71"], "ism": ["0988", "1405"]}, "components": [], "identifiers": {}, "ocil_clause": "CA certificate for rsyslog remote logging via TLS is not set", "ocil": "To verify that rsyslog's Forwarding Output Module has a CA certificate\nconfigured for its TLS connections to the remote server, run the following command:\n<pre>$ grep DefaultNetstreamDriverCAFile /etc/rsyslog.conf /etc/rsyslog.d/*.conf</pre>\nThe output should include a record similar to\n<pre>global(DefaultNetstreamDriverCAFile=\"/etc/pki/tls/cert.pem\")</pre>\nwhere the path to the CA file (<tt>/etc/pki/tls/cert.pem</tt> in the case above) must point to the correct CA certificate.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "Automatic remediation is not available as each organization has unique requirements."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure CA certificate for rsyslog remote logging", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml", "template": null}