{"description": "Data from journald should be kept in the confines of the service and not forwarded to other services.", "rationale": "If journald is the method for capturing logs, all logs of the system should be handled by journald and not forwarded to other logging mechanisms.", "severity": "medium", "references": {"cis": ["6.2.1.1.4"]}, "control_references": {"cis": ["6.2.1.1.4"]}, "components": [], "identifiers": {}, "ocil_clause": "is commented out or not configured correctly", "ocil": "Run the following command to verify that journald is not forwarding logs to syslog.\n<pre>\ngrep \"^\\s*ForwardToSyslog\" /etc/systemd/journald.conf /etc/systemd/journald.conf.d/*.conf\n</pre>\nand it should return\n<pre>\nForwardToSyslog=no\n</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[systemd]", "platforms": ["package[systemd]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_systemd"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure journald ForwardToSyslog is disabled", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/journald/journald_disable_forward_to_syslog/rule.yml", "template": {"name": "systemd_dropin_configuration", "vars": {"master_cfg_file": "/etc/systemd/journald.conf", "dropin_dir": "/etc/systemd/journald.conf.d", "section": "Journal", "param": "ForwardToSyslog", "value": "no", "no_quotes": "true", "missing_config_file_fail": "false"}, "backends": {}}}