STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

Cron logging must be implemented in RHEL 8.

DISA Rule

SV-230387r627750_rule

Vulnerability Number

V-230387

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-08-030010

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Configure "rsyslog" to log all cron messages by adding or updating the following line to "/etc/rsyslog.conf" or a configuration file in the /etc/rsyslog.d/ directory:

cron.* /var/log/cron.log

Check Contents

Verify that "rsyslog" is configured to log cron events with the following command:

Note: If another logging package is used, substitute the utility configuration file for "/etc/rsyslog.conf" or "/etc/rsyslog.d/*.conf" files.

$ sudo grep -s cron /etc/rsyslog.conf /etc/rsyslog.d/*.conf

/etc/rsyslog.conf:*.info;mail.none;authpriv.none;cron.none /var/log/messages
/etc/rsyslog.conf:# Log cron stuff
/etc/rsyslog.conf:cron.* /var/log/cron.log

If the command does not return a response, check for cron logging all facilities with the following command.

$ sudo grep -s /var/log/messages /etc/rsyslog.conf /etc/rsyslog.d/*.conf

/etc/rsyslog.conf:*.info;mail.none;authpriv.none;cron.none /var/log/messages

If "rsyslog" is not logging messages for the cron facility or all facilities, this is a finding.

Vulnerability Number

V-230387

Documentable

False

Rule Version

RHEL-08-030010

Severity Override Guidance

Check Content Reference

Target Key

2921

Cron logging must be implemented in RHEL 8.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments