The TOSS operating system must be configured to preserve log records from failure events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-252927 | TOSS-04-010170 | SV-252927r991562_rule | Medium |
| Description |
| Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes. |
| STIG | Date |
| Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide | 2025-05-08 |
Details
| Check Text (C-56380r824103_chk) |
| Verify the rsyslog service is enabled and active with the following commands: $ sudo systemctl is-enabled rsyslog enabled $ sudo systemctl is-active rsyslog active If the service is not "enabled" and "active", this is a finding. If "rsyslog" is not enabled, ask the System Administrator how system error logging is performed on the system. If there is no evidence of system logging being performed on the system, this is a finding. |
| Fix Text (F-56330r824104_fix) |
| Start and enable the rsyslog service with the following commands: $ sudo systemctl start rsyslog.service $ sudo systemctl enable rsyslog.service |