The rsyslog service on RHEL 9 must be active.

STIG ID: RHEL-09-652020  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-258142

Vulnerability Discussion

The "rsyslog" service must be running to provide logging services, which are essential to system administration.

Check

Verify that "rsyslog" is active with the following command:

$ systemctl is-active rsyslog

active

If the rsyslog service is not active, this is a finding.

Fix

To enable the rsyslog service, run the following command:

$ sudo systemctl enable --now rsyslog