{"description": "Ubuntu 22.04 must offload rsyslog messages for networked systems in real time and\noffload standalone systems at least weekly", "rationale": "Information stored in one location is vulnerable to accidental or incidental deletion or alteration.\nOffloading is a common process in information systems with limited audit storage capacity", "severity": "medium", "references": {"srg": ["SRG-OS-000479-GPOS-00224"], "cis": ["6.2.1.2.2"]}, "control_references": {"cis": ["6.2.1.2.2"]}, "components": [], "identifiers": {}, "ocil_clause": "systemd-journal-upload URL is missing or commented in /etc/systemd/journal-upload.conf", "ocil": "To ensure logs are sent to a remote host, examine the file\n<tt>/etc/systemd/journal-upload.conf(.d/*.conf)</tt>.\nURL should be present:\n<pre>URL=<sub idref=\"var_journal_upload_url\" /></pre>", "oval_external_content": null, "fixtext": "Configure systemd-journal-upload URL to <sub idref=\"var_journal_upload_url\" />", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "service_disabled[rsyslog]", "platforms": ["service_disabled[rsyslog]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["service_disabled_rsyslog"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure systemd-journal-upload URL", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/journald/systemd_journal_upload_url/rule.yml", "template": null}