Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system.
Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes.
Check
Verify the log service is installed properly by using the following command:
$ dpkg -l | grep rsyslog ii rsyslog 8.2112.0-2ubuntu2.2 amd64 reliable system and kernel logging daemon
If the "rsyslog" package is not installed, this is a finding.
Check that the log service is enabled and active by using the following commands:
$ systemctl is-enabled rsyslog.service enabled
$ systemctl is-active rsyslog.service active
If "rsyslog.service" is not enabled and active, this is a finding.
Fix
Install the log service by using the following command:
$ sudo apt-get install rsyslog
Enable and activate the log service by using the following command: