Ubuntu 24.04 LTS must be configured to preserve log records from failure events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-270653 | UBTU-24-100200 | SV-270653r1067141_rule | Medium |
| Description |
| Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes. |
| STIG | Date |
| Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide | 2025-05-16 |
Details
| Check Text (C-74686r1067139_chk) |
| Verify the log service is installed properly with the following command: $ dpkg -l | grep rsyslog ii rsyslog 8.2312.0-3ubuntu9 amd64 reliable system and kernel logging daemon If the "rsyslog" package is not installed, this is a finding. Check that the log service is enabled with the following command: $ systemctl is-enabled rsyslog enabled If the command above returns "disabled", this is a finding. Check that the log service is properly running and active on the system with the following command: $ systemctl is-active rsyslog active If the command above returns "inactive", this is a finding. |
| Fix Text (F-74587r1067140_fix) |
| Configure the log service to collect failure events. Install the log service (if the log service is not already installed) with the following command: $ sudo apt install -y rsyslog Enable the log service with the following command: $ sudo systemctl enable --now rsyslog |